Results 1 to 10 of 10

Thread: What are the options with the new google https warning for DA hosts

  1. #1
    Join Date
    Apr 2006
    Location
    Miami Beach
    Posts
    192

    What are the options with the new google https warning for DA hosts

    What are the options with the new google https warning? We have worked for years building our shared hosting, some have hundreds or more clients and now, google pulls this BS... Most users are punching in passwords that show up year after year on the top 10 password list anyway!
    What are our options as hosts?
    Do we need to assign ips to each user and sell them a cert?
    Is there a server wide option?
    Why is google not recognizing a user generated cert?
    This seems more like a money thing more than a security thing!
    Thanks for any input...
    Nexxterra.com Web Hosting and Domain Registration
    MassiveServers.com Dedicated servers - Unmetered bandwidth
    BuyAWebName.com Domain name registration

  2. #2
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,682
    What about Let's Encrypt? It's free and every user can install it within DA and DA itsellf will renew it automatically.

    Google is not going to accept Let's Encrypt as valid SSL cert or what?

    Best regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  3. #3
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    288
    SSL / HTTPS is better yes.

    Letsencrypt is a SSL / HTTPS option also a good one yes.

    BUT:
    - Old server / VPS with older software OS and so on doesn't have always SNI and or possible right versions of SSL and some other software ( for letsencrypt you need this or all own IP's )
    - You need more resources with SSL, and is slower.
    - all the web sites have to be upgraded somehow.

    So it is some/lot of work and costs ( not all Custommers want this kind of...), ofcourse it is better to have up to date machines , OS and software versions, ofcourse it is better to have that kind of sites with https. I totally agree!.


    This message from Chrome is almost the same as having other "to old" version of not secure enough software on your websites, as old ssl, as to old not save enough cyphers and so on, so look at it this way ...

    This message is known for a long time now , so normally everyone / hosters should / could have their custommers giving a notice/warning.
    A Marketing challenge / possibility that is ok to give that custommers a option to switch to newer VPS and also newer better contracts with ssl and helping them with their websites and so on , so see this positive from hosting point of view .
    Last edited by ikkeben; 01-21-2017 at 07:39 AM.
    DUTCH GERMAN, GERMAN DUTCH

  4. #4
    Join Date
    Apr 2006
    Location
    Miami Beach
    Posts
    192
    Do I need to assign a dedicated IP to each client now?
    I have not looked at ssl or certs in a long time.
    Nexxterra.com Web Hosting and Domain Registration
    MassiveServers.com Dedicated servers - Unmetered bandwidth
    BuyAWebName.com Domain name registration

  5. #5
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    288
    Quote Originally Posted by Nexxterra.com View Post
    Do I need to assign a dedicated IP to each client now?
    I have not looked at ssl or certs in a long time.
    Probable if long time, you also have to take a look at software versions first from OS, Directadmin, Custombuild, WEBAPps and so on so everything i think.

    After that wen the version are save secure version and the ones you need you can have a look at sni and then letsencrypt for example, this is the cheapest easiest way to solve.

    Bu i have also told you to take care of all webapps and CMS ( as KOPAGE) if they are not ready to use https everywhere ............... also every client have to change / update their websites that good support for https ....

    So you don't write/told wich versions, for a support here not so good.

    For web cms and other things as Websites this is not the right Forum you have to go there, for Directadmin, Directadmin basic provided Software, Custombuild, Custombuild "WEBAPPS", SNI, and Letsencrypt this is the right Forum i think.

    Andrea Iannucc: he told you and give you a hint so why not using Forum search , howto's directadmin and websearch for his advise?

    Oyea Updating better Late then never, but to late is.....
    Last edited by ikkeben; 01-27-2017 at 02:49 AM.
    DUTCH GERMAN, GERMAN DUTCH

  6. #6
    Join Date
    Apr 2006
    Location
    Miami Beach
    Posts
    192
    The answer to MY question at the time I posted this was YES, an IP was needed for EACH ssl cert issued, HOWEVER, since then Directadmin and letsencrypt have advanced so that ssl certs from letsencrypt can use the servers shared IP. Once properly set up the new letsencrypt plugin for DA works also for your resellers even if the reseller is assigned a different IP.
    Nexxterra.com Web Hosting and Domain Registration
    MassiveServers.com Dedicated servers - Unmetered bandwidth
    BuyAWebName.com Domain name registration

  7. #7
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,057
    Hmmz... only for ip? Because my customers and me rather use https://www.domain.com:2222 but that seems not possible. So that's why we still use plain http for directadmin itself.
    Greetings, Richard.

  8. #8
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    11,280
    If you want access Directadmin on several domains over https you could try this: https://help.directadmin.com/item.php?id=84
    With regards, Alex.

    Professional Server Management for web hosting companies and individuals
    Hourly Support, Disaster Recovery, Server Hardening, Monthly Subscription
    Directadmin installation and optimization

    Click here if you need a Linux Admin

  9. #9
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,057
    Thank you Alex but I would have to do that for every domain then. Just leaving out https is easier in that case.
    Greetings, Richard.

  10. #10
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    11,280
    You're welcome. Please note all that can be automated, or you could use old way by modifying templates
    With regards, Alex.

    Professional Server Management for web hosting companies and individuals
    Hourly Support, Disaster Recovery, Server Hardening, Monthly Subscription
    Directadmin installation and optimization

    Click here if you need a Linux Admin

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •