WHM security for websites: so easy!

I recently started learning OpenSSL and the complexities of creating CA and website certificates. So complicated, and the online advice differs so much–there are no reliable and simple tutorials.

Then I discovered the Let’s Encrypt plugin for WHM (it has to be installed manually, using a single command, but that’s due to the previous WHM relationship with Comodo).

Wow! It takes seconds to install the plugin, seconds to enable the plugin for any desired secure websites, and minutes for a simple website to be available as a green-padlocked secure site.

I am really impressed with the support that cPanel/WHM have provided for Linux servers. Congratulations!

Usually this is not the way people start with SSL.

Your certificates would not be trusted by most browsers, hence why public CAs such as Let's Encrypt exist :smiley:

But it's great to hear that Let's Encrypt and WHM are working like a charm for you :smiley:

Andrei

Well, historically not openssl ca, but yes for openssl genrsa and openssl req to create private keys and CSRs! CAs have often asked people to begin by uploading a CSR, and that would be generated with an openssl req command.

Let's Encrypt does not recommend or expect workflows like this. We suggest using a Let's Encrypt client application.

Every client is different, but the overwhelming majority of them are capable of generating keys and CSRs internally, so you don't have to run any openssl commands. This might be different if you're using a web-based client to avoid installing any software locally on your computer.

I hope everyone won’t mind a general reply (my energy is limited due to cancer treatments).

Most of you understood my use cases (the development and deployment of secure websites), and you’ve offered interesting facts. I understand that LE will not act like a standard CA, in that it will not accept a CSR and SAN and return a certificate. I also understand that even if it did, it would not issue a certificate for localhost. I gather there is some way to use the local HOSTS file to obtain HTTPS access to websites under localhost (but I do not understand the instructions that were given).

As I indicated, I have no trouble creating a simple HTTPS website under WHM on a remote Linux system. This was the use case that receives my praise. So, my only remaining problem is being able to test HTTPS features locally, under localhost on a Windows computer. I still have no idea how this might be done, even if I could figure out how to use a separate .htaccess file that would run locally instead of the remote file (I guess I could write a command file to copy the right file to the right place just prior to FTPing the files to the remote site).

I was hoping for the same simplicity and reliability in applying LE to localhost as to a standard website, but so far I’m getting the message that this is impossible. I wish this use case had been included in the LE list of tasks, in spite of the fact that for me local development is done in the much disliked Windows environment. (If someone told me that development should be done on a live remote system, I would have to disagree. Similarly if someone told me that I should install Linux on my relatively tiny local computer just for the sake of website development.)

A quick rundown on hosts files - this is a file on your computer that is basically a local DNS lookup. It’s very simple, just a text file where you can define IP/domain lookups. On Linux systems, this is /etc/hosts, and on Windows it’s C:\Windows\System32\drivers\etc\hosts. Note that you’ll want to tell Windows to open it with Notepad, and you’ll need to be an administrator (elevated user) to save any changes. The best way is to run Notepad as an administrator and open the file.

The format is simply [IP Address] [Domain name] {additional domain names}, for example if I wanted to route fakedomain.com to localhost (127.0.0.1), I’d add the following line:

127.0.0.1 fakedomain.com

If I wanted to resolve two names, I could put those on one line:

127.0.0.1 testserver.fakedomain.com testserver

This way, I can go to either testserver.fakedomain.com or just testserver, and my computer would route this to 127.0.0.1 as though a DNS response told it to.

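The hosts-file format described in the post above, as an added example that is not part of the original thread: a small Python parser that reads hosts-style text and lists which names are routed to loopback. The sample content, the function names, and the rule that the first entry for a name takes precedence are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample in the format from the post: IP, name, optional extra names.
SAMPLE_HOSTS = """\
# local development names (constructed sample)
127.0.0.1 fakedomain.com
127.0.0.1 testserver.fakedomain.com testserver   # two names on one line
::1       testserver6
192.0.2.10 staging.fakedomain.com
not-an-ip  broken.example
127.0.0.2 FAKEDOMAIN.com
"""


def parse_hosts(text):
    """Return (entries, skipped).

    entries maps a lowercased name to an ipaddress object;
    skipped lists (line number, text) for lines that could not be parsed.
    """
    entries, skipped = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            skipped.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no name after it
            skipped.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            # Names compare case-insensitively. Assumption: the first entry
            # for a name takes precedence, so later duplicates are ignored.
            entries.setdefault(name.lower(), ip)
    return entries, skipped


def loopback_names(entries):
    """Names that resolve to this machine (127.0.0.0/8 or ::1)."""
    return sorted(n for n, ip in entries.items() if ip.is_loopback)


if __name__ == "__main__":
    parsed, bad = parse_hosts(SAMPLE_HOSTS)
    print("loopback:", loopback_names(parsed))
    print("skipped:", bad)
```

To check a real file, pass its contents to `parse_hosts` instead of `SAMPLE_HOSTS`.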

jared.m, I know all this stuff. How does HOSTS help me test TLS on my localhost Windows Apache server?
