estieg
Former Employee

FAQ: Recent questions and answers from our SSL & Security AMA

If you weren't able to tune in during the live SSL & Security AMA, please find a few of the recent questions and answers!

 

Question 1:

@filip asked, "After installing SSL, everything was running fine until we installed it on another domain, then we received an error -

" Secure Connection Failed

An error occurred during a connection to www.clickdotmailer.com. Peer’s Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. " 

 

Answer:

Typically, you will need to export the certificate from one of the virtual hosts, and import it to the other one in order to avoid redirect issues. While we don't have any documentation on this currently, there are guides available online on how to share a UCC certificate between multiple virtual hosts for apache2. I hope this helps!

 

Question 2:

How to install Let's Encrypt through cPanel?

 

Answer:

I have created a video session on how to install Let's Encrypt SSL through cPanel. Kindly refer to the article below before installing Let's Encrypt SSL on a domain.

https://www.godaddy.com/community/cPanel-Hosting/Video-Walkthrough-Installing-Third-Party-SSLs-in-cP...

 

Video Walkthrough: https://goo.gl/e81abo

Key Points:

Timestamp DNS Propagation: 3:55

After applying the accurate TXT records as per the SSL provider, we have to wait 600 seconds for the DNS changes to be reflected. If you use a TTL higher than 600 seconds, you have to wait for the period given by the TTL in seconds.

Timestamp OWN CSR: 5:03

If you don't wish to use the SSL provider's (SSL for free) auto-generated CSR, you always have the choice to submit your own CSR and generate the CRT and CA Bundle.

Timestamp Sign up: 9:10

Create an account with SSL provider, which gives you more merely a way to organize all of your SSL certificates.

Timestamp SSL checking: 9:55

https://ssltools.godaddy.com/views/certChecker

 

Question 3:

@oppi asked, I'm using Cloudflare as CDN. I have purchased their SSL certificates, but https doesn't work on my site. They have said to me that I have to ask my hosting provider to configure HTTPs for my website.

 

Answer: 

After generating CSR and receiving the SSL, you'll need to upload and install the certificate. 

 

Referencing this Help article - 

Manually installing SSL on your cPanel Hosting. Uploading and Installing Your Certificate

To complete these steps, you need to have the CRT file provided to you by the company who issued your SSL certificate.

  1. Upload your certificate
    1. Log in to your GoDaddy account.
    2. Click Web Hosting.
    3. Next to the cPanel account you want to use, click Manage.
    4. Click cPanel Admin.
    5. In the Security section, click SSL/TLS Manager.
    6. Under Certificates (CRT), click Generate, view, upload, or delete SSL certificates.
    7. Use the Upload Certificate section to upload the CRT file from your local machine and click Upload Certificate.
  2. Activate your certificate
    1. From the SSL/TLS Manager, click Manage SSL Sites
    2. Click Browse Certificates and select the certificate that you want to activate. This will auto-fill the fields for the certificate.
    3. Click Install Certificate.

 

Question 4:

@ccdantasgd asked,    Is GoDaddy SSL and Web Host set for TLS1.2 connections?

 

Answer:

Thanks for writing in. TLS 1.0 has been disabled across the board for GoDaddy Shared Hosting, but at this time we do not offer the ability to turn off TLS 1.1 on individual shared hosting accounts. For more granular control of your hosting environment, you may need to consider moving over to a virtual private server. 

 

Question 5:

@aussiepapercoll asked: How do I generate an SSL key?

 

Answer:

Thanks for writing in. It sounds like you have the new CSR from your hosting account with HostGator. To regenerate your SSL certificate, you will need to rekey the certificate. You can find the instructions to rekey your certificate here: https://www.godaddy.com/help/rekey-my-certificate-4976

 

Question 6:

@vectorgeo asked; I'm getting an error when completing a certificate request disappearing from the server certificates.

 

Answer:

This is an issue with the way that IIS handles certificates that have been renewed. After your certificate automatically renews at GoDaddy, you will need to rekey the certificate using the instructions here: https://www.godaddy.com/help/rekey-my-certificate-4976 

 

Once you've done that, and the certificate is issued, you will be able to install the SSL certificate without the bindings disappearing. Hope this helps!

 

Question 7:

@Bethesdahousema asked about PayPal and TLS 1.2 Compliance

 

Answer:

TLS 1.0 has been fully disabled on all Linux shared hosting platforms at this time. If you are on Windows, TLS 1.0 is being disabled soon, but I do not have an exact date. I hope this helps.

 

Question 8:

 

@AI1 mentioned, SSL Domain Verification with TXT record in DNS zone

 

Answer:

 

 

When you renew your certificate, you may need to verify your certificate request again dependent on how long it has been since your last renewal. Here is some information on how to verify your certificate request: https://www.godaddy.com/help/verify-my-certificate-request-standard-assurance-23838

 

If you want to verify domain ownership via DNS, you can do so following these instructions: https://www.godaddy.com/help/verify-domain-ownership-html-or-dns-7452#dns

 

Question 9:

@szklanym asked, My site's been hacked, what should I do?

 

Answer:

It looks like there's a vulnerability somewhere in your environment causing you to be reinfected. This is not abnormal once breached. In a lot of cases, a backdoor file is placed into the environment allowing the attackers to reinfect.

 

Finding these backdoors and infected files can be daunting. We have a dedicated team with tools and experience cleaning hundreds of websites every day. Have you considered chatting with our Website Security team?

 

Check out our website malware cleanup products - https://www.godaddy.com/web-security/website-security

 

Q10:

@Ankit90 asked Questions on how to strengthen the security of my website

 

Answer:

1. SSL - How can I generate a SSL certificate manually.

You can generate your own SSL on any computer, but it won't be recognized as valid since it was self-signed; it needs to be issued by a certification authority:
https://en.wikipedia.org/wiki/Certificate_authority
If you still want to generate your own self-signed SSL then I would recommend following this guide:
https://www.linux.com/learn/creating-self-signed-ssl-certificates-apache-linux

2. How can I set the headers from the server side.
You can edit the .htaccess file on your website and set the headers you need.

3. How to control the server ports (open and close).
This is not possible on shared hosting, you will need a VPS or a dedicated server to be able to do that.

4. Also, I want full information for all the security protocols implemented in SQL server and shared server.
We will be happy to answer specific questions, our servers have many security features and changes that have been made to protect customers hosting accounts, please be more specific.

Let me try to give more details regarding securing your website:
Generally we recommend making sure that your software is up to date and that any old and outdated software is removed. If you have a custom website then we recommend making sure that your code is secure. Most websites are compromised due to outdated software when a vulnerability is found in that software, or due to custom-made software which was not written securely. We also highly recommend using randomly generated passwords and keeping them in a password manager, which would make it harder for a virus to steal the passwords if your PC is infected. Passwords should also be updated; once a year or even more often is recommended. It's also best not to reuse passwords on more than one site.

Having a Web Application Firewall is also recommended, you should consider our security packages to better protect your website even when there is a vulnerability found in your software.
https://www.godaddy.com/web-security/website-security
https://www.youtube.com/watch?v=fbUbkR9hDyM

 

 

If I answered your question, please mark it as the solution or give it a "Kudo"

Re: FAQ: Recent questions and answers from our SSL & Security AMA

How to Install an SSL/TLS Certificate In Web Host Manager (WHM)

The following instructions will guide you through the SSL installation process on Web Host Manager (WHM). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below.

What You’ll Need

1. Your server certificate

This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.

2. Your intermediate certificates

These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.

3. Your private key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

Installation Instructions

1. Log in to WHM

Log in to WHM, this can typically be accessed by going to https://domain.com:2087.

Note: You may encounter error message “Your connection is not private” or something similar when attempting to visit your WHM login page. This is caused due to your login page using a self-signed certificate by default. Please disregard this and proceed past the error message.

2. Enter Username/Password

Enter your Username/Password and click Log in.

3. Go to your Homepage

Make sure you’re on your WHM Homepage.

4. Click SSL/TLS

Click the SSL/TLS button.

5. Click Install an SSL Certificate on a Domain

In your SSL/TLS Manager page, click Install an SSL Certificate on a Domain.

6. Type in your domain name

In the Domain field, type the domain name you want to secure with your SSL Certificate.

7. Input your Certificate Files

Copy and paste your Certificate Files into the appropriate text box(s).

  1. Certificate – This is your server certificate that was issued to your domain(s). Note 1: WHM should automatically fetch the Certificate (CRT) text if you previously uploaded the server certificate on the server and entered the correct domain name above. Note 2: If you received the certificate in a ZIP file, click “Extract All” and then drag your server certificate into a text editor such as Notepad. This will allow you to copy all text contents needed, including “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”.
  2. Private Key – This is your private key that was created during the generation process. Note 1: WHM should automatically fetch the Private Key text if you previously created the Certificate Signing Request (CSR) in the “Generate an SSL Certificate and Signing Request” section of your SSL/TLS Manager and entered the correct domain name above. Note 2: If you made the CSR and private key outside of your WHM account and failed to save the files, you will have problems proceeding and may need to re-issue the SSL certificate with a newly created key pair.
  3. Certificate Authority Bundle (optional) – These are your intermediate certificates that allow browsers and devices to understand who issued your trusted certificate. Note 1: WHM automatically fetches the CA Bundle from a public repository. If you forgot to save these files, download the appropriate CA/Chain Certificate for your certificate. Note 2: If you have multiple intermediate certificates, paste each of them one after another to create the correct certificate chain/path.

8. Click Install

Once you’ve inputted the Certificate Files into the correct boxes, click Install.

Note 1: You are not required to “Enable SNI for Mail Services”. Server Name Indication (SNI) should only be used if multiple hostnames are being served over HTTPS from the same IP address.

Note 2: You or your web host may need to restart the Apache server before the certificate will work.

Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.

To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance.

Manual Intermediate Installation Instructions

If the intermediate certificates did not successfully install and configure themselves accordingly using the instructions above, please reference the instructions below on how to manually install them directly in Apache. If you do not have access to your Apache server, please contact your web host or system administrator for additional assistance.

1. Locate the Virtual Host File

Locate the Virtual Host File, this can typically be accessed in the /etc/httpd/conf/httpd.conf file. Note: The location and name of this file can change from server to server depending on your configuration. Another popular name for the file is “SSL.conf”.

2. View the Virtual Host File

View the Virtual Host configuration with the proper name & IP address (including port 443).

3. Edit your Virtual Host

Edit your Virtual Host configuration by adding the bolded YourIntermediateCertificate file below:

<VirtualHost 192.168.255.255:443>
  DocumentRoot /var/www/html2
  ServerName www.yourdomain.com
  SSLEngine on
  SSLCertificateFile /path/to/your_domain_name.crt
  SSLCertificateKeyFile /path/to/your_private.key
  SSLCertificateChainFile /path/to/YourIntermediateCertificate.crt
</VirtualHost>

Note: Make sure you type the correct file path and name where you plan on saving the intermediate certificates. You should save these certificates in the same directory that cPanel has your server certificate and private key stored.

4. Save the changes

Save the configuration file changes.

5. Add the intermediate certificate

Add the intermediate certificate file to the same directory that cPanel has your server certificate and private key stored.

6. Restart your server
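
Before pasting files into the Certificate, Private Key and CA Bundle boxes described above, it is worth confirming that the private key belongs to the certificate and that the bundle completes the chain. The script below is an added example, not part of the original post: it builds a constructed throwaway PKI with openssl (the file names and the *.example subjects are assumptions) and runs both checks on it.

```shell
#!/bin/sh
# Constructed throwaway PKI: root -> inter -> leaf, plus an unrelated key "other".
# All file names and *.example subjects are hypothetical.
WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT

build_pki() (
  cd "$WORK" || exit 1
  echo 'basicConstraints=critical,CA:TRUE' > ca.ext
  for n in root inter leaf other; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" \
      -subj "/CN=$n.example" 2>/dev/null || exit 1
  done
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 2 \
    -out root.crt 2>/dev/null &&
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out inter.crt 2>/dev/null &&
  openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
    -days 2 -out leaf.crt 2>/dev/null
)

# Succeeds only if the private key ($2) holds the public key in the certificate ($1).
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the leaf ($3) chains to the trusted root ($1) using the
# intermediates in the CA bundle ($2); the bundle itself is not trusted.
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

build_pki || { echo "could not build the test PKI with openssl" >&2; exit 1; }
key_matches_cert "$WORK/leaf.crt" "$WORK/leaf.key" && echo "leaf.key matches leaf.crt"
key_matches_cert "$WORK/leaf.crt" "$WORK/other.key" || echo "other.key does not match"
chain_verifies "$WORK/root.crt" "$WORK/inter.crt" "$WORK/leaf.crt" &&
  echo "bundle with the intermediate: chain verifies"
chain_verifies "$WORK/root.crt" "$WORK/root.crt" "$WORK/leaf.crt" ||
  echo "bundle without the intermediate: chain fails"
```

On real files, pass your CA's root certificate, the downloaded CA Bundle and your server certificate to `chain_verifies` in that order.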
