I'm having a bit of a problem with my SSL certificate and can't seem to work out how to get around it.
Trying to install a RapidSSL certificate to one of my websites but for some reason when i enter the certificate into cPanel it says:
modulus mismatch, key file does not match certificate. Please use the correct key file ..
I'm having trouble getting an SSL certificate setup on a domain through WHM. I was originally getting a "Modulus mismatch, key file does not match certificate." error. I contacted RapidSSL and they had me generate a new CSR for the domain and forwarded a new cert. I'm still getting the same error, which makes me think it's a server-side issue.
I have checked and re-checked the cert text to make sure I'm not putting in any extra whitespaces or anything. I know the cert must be somewhat valid because when I put it into WHM and click outside the cert box it automatically pulls up what account it is for (domain, username, ip).
Does anyone know what would cause this?
I understand that Apache documentation says that the SSLCACertificateFile directive is only valid in "server config" and "virtual host,"
[URL] .....
I would like to use a different CA bundle per-directory or location. Reason being is one directory is more strict than the other.
When i add the private key and certificate via plesk panel, i get the following error:
ERR [panel] Unable to set the certificate: Unable to put certificate file: Unable to arrange cert file: file_put_contents failed:
I am getting problem in cPanel installation, i tried 5-6 times but no success.
please find the log of the cpanel installation
...3....2....1..Fetching http://httpupdate.cpanel.net/cpanelsync/RELEASE/cpanel/ base/backend/webdisk.vbs (0)....@208.109.109.239......connected......receiving.. .100%......Done
md5sum mismatch (actual: cbd901252be59b37d33ffbd5440c888a) (expected: d0f0b90167 9da0932c023931f38ccecb)....
Thought of sharing this with all.
Issue:
Php function was returning wrong time. There was a difference of 1 hour between the server time and the php time. Due to this ,most of the functions on the site were not working properly.
Fix :
For checking the php time, put the following code in a file, say time.php
Code:
<?php
$time = time();
$result = date(”Y-m-d (D) H:i:s”,$time);
echo “Current date and local time on server = $result “;
?>
Execute the php script.
Code:
[root@localhost ~]# php -a time.php
Interactive mode enabled
Current date and local time on server = 2017-01-30 (Mon) 18:04:25
To get the server time , issue the following command :
Code:
[root@localhost ~]# date
Mon Jan 30 17:04:25 IST 2017
You can see the difference of one hour between the server time and the php time.
For fixing this, you need to install the PECL timezonedb module.
Code:
[root@localhost ~]# pecl install timezonedb
At the end , you might see the following message :
==========================
Build process completed successfully
Installing ‘/usr/local/lib/php/extensions/no-debug-non-zts-20060613/timezonedb.s o’
install ok: channel://pecl.php.net/timezonedb-2009.6
configuration option “php_ini” is not set to php.ini location
You should add “extension=timezonedb.so” to php.ini
==========================
So , add the line ” extension=timezonedb.so” to the php.ini file and restart apache.
There shouldn’t be any mismatch in time now.
Trying to restore db for my friend, was able to back up db via ssh using the username and pwd, but while restoring db in a new host get : Password mismatch error,
View 0 Replies View RelatedI have just bought a switch Cisco 3750. However, when I plugged in the uplink. The link is set to half-duplex only (auto-negoiation).
Below is the error in the "Diagnostic Log" of the log:
03:54:52: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0/18 (not full duplex), with sw6.hkg3.asianetcom.net GigabitEthernet0/21 (full duplex).
I have tried to set the port to "Full" in Cisco. But, the link drops immediately. Could anyone tell me how to fix that?
mod_security: Access denied with code 406. Pattern match "<[[pace:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[pace:]]*>" at POST_PAYLOAD [hostname "domain.us"] [uri "/_vti_bin/_vti_aut/author.exe"]
This is my mod security rules.conf file
Code:
#Enforce proper HTTP requests
SecFilterSelective SERVER_PROTOCOL "!^HTTP/(0.9|1.0|1.1)$" "id:340000,rev:1,severity:1,msg:'Bad HTTP Protocol'"
# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD|POST|PUT|PROPFIND|OPTIONS)$" "chain,id:340001,rev:1,severity:2,msg:'Restricted HTTP function'"
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
#Generic rule for allowed characters, very broken at the moment, dont use it unless you can fix it
#Then post your fix eh!
#SecFilterSelective REQUEST_URI "!^[-a-zA-z0-9.+_/-?=]+$" "chain,id:340002,rev:1,severity:2,msg:'Restricted HTTP character set'"
# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" "chain,id:340003,rev:1,severity:2,msg:'Content Length not provided with POST'"
SecFilterSelective HTTP_Content-Length "^$"
# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$" "id:340004,rev:1,severity:2,msg:'Dis-allowed Transfer Encoding'"
#HTTP response spilting generic sigs
SecFilter "Content-Length:.*Content-Type:.*Content-Type:" "id:340005,rev:1,severity:2,msg:'HTTP response splitting'"
#HTTP response spilting generic sigs
SecFilter "Content-Length:" "chain,id:340006,rev:1,severity:2,msg:'HTTP response splitting'"
SecFilter "Content-Type:" chain
SecFilter "Content-Type:"
#deny TRACE method
SecFilterSelective REQUEST_METHOD "TRACE" "id:340007,rev:1,severity:2,msg:'TRACE method denied'"
#XSS insertion into Content-Type
SecFilterSelective THE_REQUEST "Content-Type:.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript:)" "id:300002,rev:1,severity:2,msg:'XSS attack in Content-type header'"
#Don't accept chunked encodings
#modsecurity can not look at these, so this is a hole
#that can bypass your rules, the rule before this one
#should cover this, but hey paranoia is cheap
SecFilterSelective HTTP_Transfer-Encoding "chunked" "id:300003,rev:1,severity:2,msg:'Chunked Transfer Encoding denied'"
#Code injection via content length
SecFilterSelective HTTP_Content-Length ";(system|passthru|exec)(" "id:330003,rev:1,severity:2,msg:'Code Injection in Content-Length header'"
#broad cross site scripting rule
#False alarms are a problem with this, use with caution
#SecFilterSelective THE_REQUEST "<(.|
)+>"
#generic recursion signatures
SecFilterSelective REQUEST_URI "!(alt_mod_frameset.php)" "chain,id:300004,rev:1,severity:2,msg:'Generic Path Recursion denied'"
SecFilterSelective THE_REQUEST "../../"
#generic path recurision sig
#generic recursion signatures
SecFilterSelective THE_REQUEST ".|./.|./.|" "id:300005,rev:1,severity:2,msg:'Generic Path Recursion denied'"
#generic bogus path sigs
SecFilterSelective THE_REQUEST ".../" "id:300006,rev:1,severity:2,msg:'Bogus Path denied'"
SecFilterSelective POST_PAYLOAD "[[:space:]]+...+;" "id:300007,rev:1,severity:2,msg:'Bogus Path denied'"
#Generic PHP exploit signatures
SecFilterSelective THE_REQUEST "(chr|fwrite|fopen|system|e?chr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)(.*);" "id:330001,rev:1,severity:2,msg:'Generic PHP exploit pattern denied'"
#Generic PHP exploit signatures
SecFilterSelective POST_PAYLOAD|REQUEST_URI "<?php (chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)(.*);" "id:330002,rev:1,severity:2,msg:'Generic PHP exploit pattern denied'"
We need a MANAGED dedicated server for a client we are developing a website for. They will do most of their sales online.
Here is what we have found: As far as a managed dedicated server, the BEST company we have found that offers 24/7/365 phone support and has their own in-house hardware tech staff is RackSpace.
However, RackSpace is a little pricey (starts at around $400/month).
Is there any other REPUTABLE company available that offers MANAGED DEDICATED SERVERS WITH 24/7/365 phone support and in-house hardware tech support at a better price? Everytime I call RackSpace, I get a human being on the phone...NEVER an answering machine.
We want to put our client's website in the best hands possible.
With that said, are their any suggestions at a better price that match the support of RackSpace?
Thank you VERY MUCH for your helpful insight. We need to launch the site in a couple of weeks.
There is a new page on Rackspace's website where they are offering to match the price of any hosting company that sells the same package of specifications. It sounds like there will be no compromise on the standards of service included in the deal.
View 6 Replies View RelatedI wonder any provider still offering Price Match policy?
I saw some before but not anymore.
I want to match a query string with modrewrite , the problem is that my query_string has a url as value:
%{QUERY_STRING} next=https://play.google.com/store/apps/details?pepe=1
and it doesn't work for me.
input='next=https://play.google.com/store/apps/details?pepe=1'
patttern='next=https://play.google.com/store/apps/details?pepe=1' => not-matched
but if I had to match only the uri , it works , the problem is when I try to add parameters to the query_string url:
http://someurl.com?next=https://play.google.com/store/apps/details?pepe=1
Is there any way to match that kind of query_string?
Hello,
I have two similar VPS plans with identical software setups.
I installed APF Firewall on VPS A, modified the conf.apf file to
change the interfaces to venet0 and set monokern to 1 and
then opened all the ingress ports required. Started the firewall
with 'service apf start' and everything went fine, and everything
is working fine with no errors.
I did the same on VPS B but when I start apf I get the following
error that reoccurs during the startup sequence:
iptables: No chain/target/match by that name
While the firewall does seem to be running (by checking iptables -L)
I am unable to download files on the VPS, via wget or yum ...
After downloading httpd-2.2.29-win32.zip and generating SHA1 and SHA256 checksums from the file, they do not match the checksums posted on the download page.
View 4 Replies View RelatedTaken from apache error logs, are these below legit or false alarms per se? This same customer is having issues with php sendmail (server uses php 5 w/ phpsuexec enabled)
[Thu Feb 21 17:02:02 2008] [error] [client 216.9.250.112] mod_security: Access denied with code 406. Pattern match "!^[0-9a-z]*$" at COOKIE("PHPSESSID") [hostname "www.clientdomain.com"] [uri "/%23URL.ImagURL%23"]
[Fri Feb 22 10:13:18 2008] [error] [client 189.24.155.203] mod_security: Access denied with code 406. Pattern match "',''));" at POST_PAYLOAD [hostname "clientdomain.com"] [uri "/xmlrpc.php"] ....
OS = CentOS 6.5 (Final)
Plesk version = 12.0.18 Update #7, last updated at July 11, 2014 12:46 PM
I have been trying to make my sites better suited to anti spam measures. The only warning I have left to work out is:
Warning - Reverse DNS does not match SMTP Banner
In the Plesk settings i do have the outgoing mail setting set to Send from domain IP addresses and use domain names in SMTP greeting - still I get the warning.
I am using Post fix. This is a 1and1 dedicated server and I am using custom name servers for this domain. I believe the smtp banner is matching the main ip and not the domain.
I am using the following mod_rewrite rule for shortened SEO friendly links: RewriteRule ^blog/([^/]*).html$ /blog/blog.php?pid=$1 [R=301,L]
For Google SEO reasons, will the shortened rewritten link created from above be the permanent link, from the R=301? Even though the longer link is still functional? Or, do I need to create a rewrite match 301 rule to push the long URL to the shortened URL permanently?
I'm build Plesk Panel for Linux and Presence Builder, I don't want my user can upload their website to hosting via File Manager. How can I do it...
View 2 Replies View RelatedI am running Apache on a Windows server and it is up and running.I downloaded and installed:
Apache 2.4.9 Win32 [Apache VC11 Binary] httpd-2.4.9-win32-VC11.zip
And included ModSecurity from download: modules-2.4-win32-VC11.zip..
The version of ModSecurity is mod_security-2.7.7 . It is up and running, but I get a warning:
ModSecurity: Loaded PCRE do not match with compiled!
Here's the difference in the PCRE from the logs:
PCRE compiled version="8.33 "; loaded version="8.34 2013-12-15".
The compiled version does not match the loaded version. Is this something I should be concerned about and try to find compiled versions that match?
Say I have 2 websites and they all use file.php which is located on mainserver.com/file.php.
I want to use the file like this:
website1.com/file.php
website2.com/file.php
I need to setup SSL.
I've never used SSL on any of my websites and I've never really understood how the certificates work.
I understand that SSL is used as a secure connection protocol (https://) and that it needs a valid certificate so that the encrypted data transfer can be committed.
OK makes sence, but why do some websites seem to have such difficultly setting up valid certificates?
You can setup SSL by with Apache + OpenSSL, but why do website hosting providers still allow you to purchase SSL certificates (isn't it supposed to be free)?
Finally, is it possible to setup SSL for a multiple-domain (Victual Host) server?
I have a client who requested me to do a website for his credit union company.
Some of the pages are forms that require customers to enter crucial information ie ssn etc etc. I told him that this can be broken into..and therefore he would need a secure way of transmitting this information. Therefore would the SSL certificate work for this issue? Where do i get one? We have a dedicated server and do i need to configure anything on that? Where can i get a trusted SSL Certificate, and ofcourse help to install it.
if you could recommend a place to get a certificate... I have seen many people talking about that you could get a rapidSSL for $15 +/- , but I was not able to find any sites that low.
View 14 Replies View RelatedA year ago I bought a Geotrust quick SSL vertificate from my dedicated server host for about 299.
Now I see companies like server tastic selling the same Geotrust cert for $79 ehen Geotrusts website is still $299. How can that be? what am I missing here.
who offers the best package?
View 5 Replies View RelatedIf your provider has a self-signed ssl.. anyway you can import those into clients like Outlook or Windows Mail (formerly OE6 on XP)
To stop the nagging prompts.. or is there a setting to stop prompts?
I purchased an EV SSL Cert, and all is fine. Installed via cPanel, and I get the green address bar in Firefox, but not in IE.
Comodo (the vendor) have an Auto-Enhancer feature which automatically tells IE to give me a green bar. They state in their FAQ the following instructions to install the feature:
Replace the bundle file that is in use for the web site.
Use the 'SSLCertificateChainFile' directive instead of the 'SSLCACertificateFile'/'SSLCACertificatePath' directives.
I have download a .CA-BUNDLE file from them.
Please tell me, now what do I do? I am at a lost at their instuctions, and going by my dealings with them, I think I can get help from you guys more accurately and quickly.
The server runs WHM/cPanel 11 with Apache 2 with mod_ssl. Full root access, but I am a Linux newbie.
I do web hosting (reseller); how much, in USD per year, do you think is a "reasonable" fee to charge clients for a shared SSL connection ?
The SSL is going to cost me $$ per year and I may have some use for it, but if clients want a shared SSL, instead of buying their own, I need to apportion the costs I incur somehow, and (maybe) make some small profit. I see the shared SSL as more of a service, but clients should pay _some_ $$ if they want to use one.
Any ideas on how much I should charge, please ?
Thanks,
Peter