LetsEncrypt SSL

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • bhills
    Member
    • Mar 2004
    • 75

    LetsEncrypt SSL

    A suggestion.

    Automaticly add a LetsEncrypt SSL certificate for each domain in cPanel reseller accounts. I don't know the mechanism for this but this is being done at another host I use and it is great. Very handy. Free. The https://mydomain.com is already set up to go and all I have to do is add a few lines in .htaccess to point to it.

    Setting up https on a domain is not something I do often so when I do, I previously had to take the time to re-educate myself to get it done. This LetsEncrypt addition to the dathorn servers would be a very nice added benefit.
  • AndrewT
    Administrator
    • Mar 2004
    • 3653

    #2
    We do fully plan to activate this feature at some point going forward. It's not long been included in the stable cPanel builds and there are still a few items they need to address before we can consider it ready to use across the board.

    Comment

    • bhills
      Member
      • Mar 2004
      • 75

      #3
      Thanks. That sounds great...

      Comment

      • calipoop
        Junior Member
        • Apr 2006
        • 4

        #4
        I'm looking forward to the Let's Encrypt feature as well. Subscribing to this thread! Thanks.

        Comment

        • shalom_m
          Member
          • Mar 2004
          • 56

          #5
          Any news on this feature?
          Is there a step by step manual available?
          Some of my clients have lost the on-line messaging ability.

          Comment

          • AndrewT
            Administrator
            • Mar 2004
            • 3653

            #6
            We do not have a specific ETA at this time. cPanel 62 will include some of the changes we're needing and should be released as a stable build late this week or next week. Further testing will be necessary once this has occurred.

            I'm not sure what you're referring to in regards to "lost the on-line messaging ability". This thread wouldn't really have any impact on that. Browsers, like Chrome, are simply flagging pages as not secure when login forms are present and being submitted over unencrypted HTTP.

            Comment

            • shalom_m
              Member
              • Mar 2004
              • 56

              #7
              Firefox 51 effectively blocks method="push" to non secure addresses.

              See: https://www.fxsitecompat.com/en-CA/d...ed-by-default/

              Comment

              • AndrewT
                Administrator
                • Mar 2004
                • 3653

                #8
                That link notes the Firefox equivalent of what I mentioned about Chrome in my previous reply. Both browsers are warning users about submitting login information on unencrypted connections. Doing so has been a bad idea all along and now browsers are simply warning about it.

                Let's Encrypt is coming. We just want to make that all issues and feature limitations are ironed out first. Our focus is always on stability and security first, with new features being enabled as they can meet our requirements. Meanwhile, you're more than welcome to install an SSL certificate via some other means, paid or otherwise, if needed. You can even use Let's Encrypt manually per the forum thread just below this one, here.

                Comment

                • shalom_m
                  Member
                  • Mar 2004
                  • 56

                  #9
                  Thank you Andrew,
                  I will wait a little longer as you suggested.
                  Leading edge is all well and good as long as it does not morph into bleeding edge.

                  Comment

                  • SeanCustomer
                    Junior Member
                    • Jun 2006
                    • 16

                    #10
                    Will the deployment of LetsEncrypt resolve the problem where iOS 10.3.x devices are not trusting certificates from Dathorn?

                    If anyone has a more immediate solution, please let me know. Every time I check my phone, I'm getting multiple warnings that the certificates are not trusted (and in the latest versions of iOS, there is no longer a mechanism to manually trust).

                    Comment

                    • AndrewT
                      Administrator
                      • Mar 2004
                      • 3653

                      #11
                      That is unrelated and you're seeing it as a result of the server's certificate having been renewed. iOS 10.3 has no issues with the certificate. If you're using your own domain as the mail server, this will naturally not match the server's certificate and result in the trust issue. You can change your mail server to the hostname of your server instead to avoid the mismatch. The issue with more recent iOS versions is that it often doesn't give you the option to "Continue" as it did before. If you require further assistance please submit a ticket for support.

                      Comment

                      • Fern
                        Junior Member
                        • Nov 2006
                        • 2

                        #12
                        Any update on LetsEncrypt and its availability on Dathorn servers?

                        Comment

                        • AndrewT
                          Administrator
                          • Mar 2004
                          • 3653

                          #13
                          The features and fixes that we require are included in cPanel 66 which reached an Edge build last week. Once it makes its way to a Stable build, which usually takes several weeks, we'll do some more testing and update all servers accordingly.

                          Comment

                          • Fern
                            Junior Member
                            • Nov 2006
                            • 2

                            #14
                            Andrew, so are you saying at that time LetsEncrypt will be implemented, or that it still depends on your testing results?

                            Comment

                            • AndrewT
                              Administrator
                              • Mar 2004
                              • 3653

                              #15
                              We test all updates before applying them to any live servers so that we can try to avoid as many issues as possible. We don't really expect any issues with this but you never know.

                              Comment

                              Working...