How to Install Let’s Encrypt in Cpanel

Let’s Encrypt is a popular tool to use free SSL for your website. Cpanel comes with Sectigo free ssl service through requesting and pooling system. Although, you might feel interested in getting the SSL released immediately without a queue based approach, and would prefer to use Let’s Encrypt that’s why.

There are two ways, you may install Let’s Encrypt in Cpanel.

  1. Using Cpanel Plugin

First one would be using the plugin created by Cpanel. Login to your server as root:

ssh root@server_ip

Then, run the following to install Let’s Encrypt in your cpanel system

/usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider

It might take a couple of minutes, then it should install Let’s Encrypt as a provider in AutoSSL.

Now, go to WHM >> Manage AutoSSL and select Let’s Encrypt as the provider instead of Sectigo Cpanel default. You need to check the Agreement rules under the Let’s Encrypt selection and you may create the account in Let’s Encrypt using the same tool.

Once done, your new SSLs would be issued using the Let’s Encrypt tool through Cpanel AutoSSL plugin.

2. Using FleetSSL

There is a 3rd party tool, existed before Cpanel provided a plugin for Let’s Encrypt. It’s FleetSSL. One key benefit of using FleetSSL is that, it allows the Cpanel end users to control issuing and renewing the SSL from Cpanel. One key cons of using FleetSSL is that, it is not free of charge, it comes with 30$ one time fees. But mainly hosting provider would not mind to use this as it is a nice addition for the end user feature set in a hosting provider’s point of view.

You may check for details here:

https://letsencrypt-for-cpanel.com/

Now, once you complete installing Let’s Encrypt SSL, you may now use Let’s Encrypt for different cpanel services like webmail/cpanel/whm/calenders/MTA services. You may check the following to know how to:

How to Skip WHM Initial Setup Wizard When Stuck After Upcp

If you have recently ran upcp and the WHM initial setup wizard is stuck in a URL like the following:

https://yourhostname.com:2087/cpsess*****/scripts/initial_setup_wizard1

And can not get away with it, here is the easy way to do it. Basically each setup wizard has a skip button and the button goes to initial_setup_wizard1_do, so only adding the _do at the of your initial_setup_wizard1 should do the job, like the following:

https://yourhostname.com:2087/cpsess*****/scripts/initial_setup_wizard1_do/

This should take you to the WHM home by letting you save some of the new WHM features and will not ask again for initial setups.

Quick Tips: An error occurred. Your account may be over its quota or you attempted to upload a folder – Cpanel

An error occurred. Your account may be over its quota or you attempted to
upload a folder.

The error is very obvious. It means the account is over the quota. But what if it isn’t? This error is generic, cpanel throws this, whenever it fails to upload the file, regardless of what error it returns. There is a possibility that your IDS (Intrusion detection system) is discarding the upload, so double checking the IDS log should help you to conclude that. But what if, that is also not the case?

Ok, that can actually still happen. It happens when the customer uses cloudflare and uses cloudflare to login to the cpanel using cpanel proxy and then use it to upload the file. Cloudflare sees the upload going through web and blocks it. So, just double check the domain he uses to login to the cpanel, and check whether it uses some kind of 3rd party web application firewall loaded application or not like Cloudflare. If it does, that could be the case!

How to Enable TXT Record Addition/Edition in Cpanel

By default, if you are trying to add TXT record from cpanel, you would probably see a screen like the following

It doesn’t show the option to add TXT record. Basically, cpanel won’t allow the cpanel users to add TXT record with Simple DNS Zone Editor permission. It allows adding A, CNAME & MX record with that feature/permission set. To add permission to add TXT record and other, you need to enable Advanced DNS Zone Editor for the user’s feature list. If the user is under default list, go to root WHM >> Feature Manager >> Edit Default Feature list and enable Advanced DNS Zone Editor as following:

How to create /var/cpanel/userdata files using /var/cpanel/users files

While reverting back from a reverse proxy like nginx/varnish installation, you might end up having an inconsistent /var/cpanel/userdata and /var/cpanel/users files. To be noted, /var/cpanel/userdata is used to create the httpd.conf file, while /var/cpanel/users are used to create the dns zone files. If you have an inconsistency between this two, you will have two different IP for named and httpd, which is undesirable. As the reverse proxy plays with /var/cpanel/userdata, which is why, we usually see the userdata folder containing incorrect data. Cpanel comes with a feature to reset userdata directory through it’s tools. Although, the tool uses a valid httpd.conf file or a backup to create userdata directory. Interestingly, if your httpd.conf isn’t valid that was created using an inconsistent userdata, can’t be used backward.

This is when you might require to create a /var/cpanel/userdata directory using the valid /var/cpanel/users directory. We ended up in this situation and written the following bash code to do the job for us:

#!/bin/sh

ls /var/cpanel/users/* > users.txt

while read line; do

UIP=$(grep “IP” /var/cpanel/users/$line|cut -d’=’ -f2)
sed -ie “/^ip: / c ip: $UIP” /var/cpanel/userdata/$line/*

#sed -i ‘/ip:/s/.*/ip: `echo $UIP`/’ /var/cpanel/userdata/$line/*

rm -f /var/cpanel/userdata/$line/*.cache

done < users.txt

 

The code deletes the cache files as well. Cpanel ships a script to rebuild the cache files, but for some reason it didn’t work for us. So we manually deleted the cache using rm. Please remember to backup the /var/cpanel/userdata and /var/cpanel/users directory before running the scripts.

Cpanel given cache rebuild command is:

/scripts/updateuserdatacache

Once the cache removal/build is completed, you may now rebuild your httpd conf file:

/scripts/rebuildhttpd.conf

service httpd restart

Softlayer & Blocking Mail Transport!

I remember when I first entered into the hosting business during 2004, LayeredTech used to be an unbeatable datacenter in the market. They were mostly competing with the ThePlanet at that time and both were market leaders for the users who used Datacenter premises based on monthly rent. When Softlayer started populating some of their automated system like OS reinstall, IP addition, port control etc. using the shared VLAN & BIOS level control with almost all server through the use of KVM (IPMI from Supermicro was fresher in the market, and SL started giving away a Java app ‘IPMIView’ that had access to both console and a fast tty, it used to be DRAC before from Dell, which was eventually developed by Supermicro, I believe they still do), everything started falling a part for LT. LT gradually started focusing on ‘Enterprise Only’ institution. I eventually forgot following LT over the year since 2008.

Since Softlayer had started growing, which they eventually done in extremely fast manner, they merged with multiple companies (ThePlanet was the most notable and talked), and become the largest consumer based datacenter in the world, beating OVH. Since then, I have only seen Softlayer growing, even though with a very high grade price range they have in the market.

Since they were acquired by IBM, there are complains, Softlayer is focusing more on Enterprise Customers. They have started employing several restrictions over the year. The most recent one is blocking Mail Transport & sanctioned countries in US, all over the Softlayer network (Remember Softlayer is used by many as an IP Transit, that possibly mean, you will loose customers or visitors from a non-sanctioned country if his ISP, who is possibly not Softlayer, but utilises Softlayer IP Transit).

Mellowhost, all the way back in 2004 (It had a different branding before, ‘Mellowhost’ had come in operation from January, 2007), started with 3 vessels from LayeredTech. Over the years (2005-06), we had moved to Softlayer as our primary datacenter premise. We had expanded in Softlayer for straight 8 years before we had realised, Softlayer doesn’t exactly have enough options (I will possibly going to post in details what are they) in hardware, that can utilise and bring your web hosting technology to the newest, which helps improving performance of your web server even for the old clients.

Then we basically started focusing on many other providers and geographically spreading our options over last 2 years. We have chosen providers that let us configure the server according to our choice. Not necessary colocation, but if we want, we can purchase hardwares that we want to use for our Servers (Like Crucial MX200 instead of Samsung Evo or LSI with Fastpath or LSI with Cachecade or a premium 8 bay hot-swappable chasis that is not usually done by the provider). We now utilise a complete Cloud like system where we can move our IPs from hardware to hardware whenever we want, with only restarting the virtual network device. Our system allows us to use DRDB, that can be used for network mirroring at any point of time if a client is expecting a high traffic for very specific period and wants to pay for that only.

Even though, we are almost done shifting from Softlayer, we haven’t completely left Softlayer premise yet. We still have two servers with them, one is in Houston (The premise that was previously owned by ThePlanet, used as a Houston based Shared Hosting for Mellowhost) and the other one is in Dallas (where mellowhost.com runs). Server that we have in Dallas, wasn’t my concern to worry as we have been using ManDrill for sometime now to relay our mails from mellowhost.com. So if Softlayer blocks Mail Transport for this server, this won’t be a problem at all. But the problem was with the Houston server that we have. It was indeed in my mind to switch this server to another provider, but to be honest, I have been a great fan of Softlayer over the time, and literally I have been with them since the start of this company, wasn’t at all interested to completely leave the company for my customer’s purposes.

Then again, it was impossible to add an investment for this server in a hosted smarthost like mandrill or sendgrid as the server has a large number of average emails per day. This server has been on board for last 6 straight years, hosting decent amount of long term clients. You should be able to guess the size of the emails that are sent everyday. This is basically why, we deployed an MTA as smarthost in our Psychz Dallas facility and started relaying our mails from the Houston server over 587 TLS port. This basically worked greatly, to be honest, better than expected. We have employed variant type of spam protection in this server as it had a completely different CPU to process everything, most notably ASSP with mailscanner. We were able to reduce the spam in a great number over last couple of weeks through the use of remote Mail Transport. We will have to calculate how feasible it is to employ this over all other servers that we have. Most important problem with this setup is the SPF. User’s spf should use the Relay server and the MTA both in the TXT line. We did the addition using ‘sed’ for all the current users in Softlayer server and notified the clients, but we later realised there are people who uses ‘Cloudflare’, and we had to find them to manually do the update. The process does have a lot of pros and cons, but a survey will possibly let us know how we can use this as an option for our other cpanel premises. While this goes for future, this system is essential right now for our Houston server, as the local mail transport is no more working since 2nd February, 2016, Softlayer blocked Mail Transport out!

If you are a Softlayer client, and going through the same pain of blocked mail transport, then you are in the same ship as we are, and probably want to use a relay like we did through a cost effective channel unlike ManDrill or Sendgrid.

New achievement in Digitalpoint

Let me make a quick post about being a 700 posts club member in Digitalpoint. I am using Digitalpoint since 2007, and made these 700 posts in last 3 years. My username in Digitalpoint is “mellow-h”.

Digitalpoint is one of the first place where Mellowhost had started marketing. Most of our old customers are from Digitalpoint. We are still getting lots of users from Digitalpoint regularly visiting our site or purchasing hosting. I got around 90 positive iTrader in digitalpoint. Digitalpoint has gone under couple of re-organizing in last year. One of the key reason we fall back from digitalpoint is their re-organization didn’t work out. Currently our primary target is webhostingtalk and seeing pretty decent traffic everyday. I am planning to jump over couple of more forums beside WHT and digitalpoint has come in my mind again. Lets see how it works this time. I have always missed Digitalpoint for last 1 year after their re-organization, hope this is going to be pleasing back again.

And good luck to me for having those valuable 700 posts in DP after 3 years 😮