I have a website running on a shared hosting provider (ie. without SSH access). CPanel is installed. Is it possible to install (and just as importantly, renew) a Let's Encrypt certificate automatically without SSH access? Perhaps a CPanel plugin or cron job (for automatic renewals)?
follow this tutorial to for auto renewal https://neurobin.org/docs/web/fully-automated-letsencrypt-integration-with-cpanel/
You can install Lets encrypt SSL using cPanel ssl/tls -->Install and Manage SSL for your site (HTTPS) --> Manage SSL Sites. To renew certificate you need to regenerate it using your account key and Certificate provided by Lestencrypt in first time. I have done successfully that on GreenGeeks shared hosting help of http://wayneoutthere.com/how-to-lets-encrypt-cpanel-shared-hosting/. You can use https://zerossl.com/free-ssl/#crt to generate Certificates and copy to Cpanel.
You can try to install SSL on your domain through cPanel >> Security >> SSL.
If you are unable to find this in your cPanel then you need to install SSL on your domain through WHM.
You will need Let's Encrypt itself to be installed on the server before running any plugin or crontab job (specially that).
I doubt there is a way to do that without SSH connection, specially on a shared server.
Related
I am developing a desktop client application for an https-protocol based REST API provided by a third party.
I want to test the programmatic communication with the API when the server's certificate is not installed on my local computer. For this, I need to know how to make it mandatory to have the server's computer installed on my computer. Note: the certificate is not self signed, rather it is issued by a CA.
I want to test what errors enterprise users will get when my client application will make the API call to the SSL server in a highly secure enterprise environment where the IT policy is configured to mandatorily require installation of server's certificate on the client's local computer.
Is there such a configuration in Window which makes it mandatory for server certificates installed on local computer, for any API communication? If yes, can someone guide me on the steps for Windows 10 Professional.
We host a website in our company.
A certificate was issued to www.ourdomainname.com from the company IT department.
Now we want to move the website to azure and install the certificate there.
I already exported the certificate with private key exported set to true from the server.
1.) What will happen when the certificate is installed on azure when it is also installed on our company server?
2.) What will happen when the website on our server is stopped in the server and the certificate is then imported to the azure website?
3.) How can I guarantee a soft transition time without any break?
The aim is:
Website on the company server going to be deleted and the website on azure is used instead.
What will happen when the certificate is installed on azure when it is also installed on our company server?
web site will be available via SSL in Azure too.
What will happen when the website on our server is stopped in the server and the certificate is then imported to the azure website?
web site on your server will be inaccessble.
How can I guarantee a soft transition time without any break?
it is more about DNS management. There is no much work with SSL. You just install SSL on both internal and Azure servers, so clients can access both. Test if web site on Azure works the same way as on your internal server. Then point all clients (via DNS) to a web site on Azure. When all clients move and there are no references to internal server, you can safely shutdown it.
The SSL Certificate which was exported from the current server has to be imported in Azure. The format of the certificate has to be PFX.
Now, in the DNS Management , you need to edit the A record for the URL and point it to the IP address of Azure. This will make sure that any request made will be handled by Azure .
I am using Ansible on a Linux computer connecting to a windows 8.1 embedded computer. It's able to connect with username and password over the HTTPS port 5986, but I need to specify the option:
ansible_winrm_server_cert_validation=ignore
The ansible documentation specifies:
The following is necessary for Python 2.7.9+ (or any older Python that
has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using
default WinRM self-signed certificates:
The windows computer has an SSL listener that was configured with Self-SignedCertificates from the powershell script:
https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
My question is that if I'm ignoring server cert validation, does that compromise the encryption that HTTPS is supposed to provide? or is server cert validation just a separate process of HTTPS?
Thanks
Yes, if you ignore certificate validation as recommended in the default Ansible config for WinRM, your connection is not secure - someone can spoof the target server using a man in the middle (MITM) attack on the HTTPS connection. (There should really be a security warning in the Ansible docs.)
The best alternative seems to be NTLM/Negotiate authentication, instead of HTTPS, removing the need for an SSL certificate. Your Ansible control machine will need to be able to authenticate over NTLM as a Windows user, just like using an SMB file share.
You will need pywinrm 0.2.0 or higher for NTLM/Negotiate support.
Useful links
Why NTLM/Negotiate for WinRM - background on why it's good to avoid the complex setup to install SSL certificates by using NTLM (Ruby based but still useful)
Example Ansible setup for NTLM
More complete Ansible setup including NTLM
Certificate validation is a separate process than encryption. The communication will be encrypted. You can read more on the issues with self-signed certificates but the high level is you remove any way for Ansible to validate who exactly is on the other side of the connection an open your self to a man in the middle attack that HTTPS usually protects you from.
Here is my dilemma. Currently we run quite a few server on AWS EC2 service. Before my time, they used to configure Server images with the SSL certificate on them. Now, the certificate is about to expire and we need to replace the old one with the new one. I have read documentation on AWS in regards to uploading new certificate to IAM but it is very confusing. Is there any way, for example, using Power Shell commands to upload the new certificate to the existing servers?
Thanks in advance.
If you have certificates that are expired on existing instances and NOT on an Elastic Load Balancer, then you need to update each server as needed, on that server.
It is not an IAM type server certificate.
So you need to touch each server and upgrade. If you have AMIs for each server, you may need to create new AMIs after upgrading the certificate.
See Install certificate with PowerShell on remote server for some suggestion on PowerShell methods of installing a certificate file remotely.
Depending on your budget, you could consider using an ELB even for one instance, and installing the SSL cert there. It makes it easier in the long run to manage certs at the ELB level, rather than at the server/AMI level
I am working with a client who needs SSL on their Email and Web Site.
We have their site hosted on a Rackspace Cloud Site (Wordpress so Apache and all that jazz).
From what I can tell their Email is on an ISS server of their own.
They want to apply this SSL Cert they bought through GoDaddy and apply it to this email server and to the site on our hosting server. Now I am only a Web Developer with enough server knowledge to get sites launched and running, But I don't think you can apply the same SSL Cert on two different types of servers.
What would the solution be for this?
Would you purchase a second ssl? Is that even possible?
Sorry if this is a all completely wrong I am trying to use my limited knowledge of SSL to describe the situation.
I'm pretty sure you can use the same certificate if it's going on two servers as long as they are both using the same domain. You don't need to purchase a second ssl. The tricky part might be if the two servers require different certificate file formats.
Also, just do the CSR part on ONE of the servers (use the one you trust the most). On the other server just install the certificate bypassing the CSR part.