jesse
Members-
Posts
16 -
Joined
-
Last visited
Everything posted by jesse
-
So I assume the emails in that account count towards the overall server disk quota just like any other email account? The reason why I'm worried about spam is because I'm hoping to explode on social media eventually. They do. On cPanel systems, mail is just another file. Take a look in <homedir>/mail/cur/. You'll see a bunch of really strangely named files that each represent a single email. As long as you don't give out that email address, which is typically in the form cpanel_username@tommy.heliohost.org, you should be fine. Nobody uses the default account, and cP recommends you don't for exactly this reason. The problem is my cpanel username is very short, simple, and somewhat common. I shouldn't have picked one so simple when I created the account, but I didn't know I'd have an open email address with the same name afterwards. I'm assuming it's very difficult to change the account username since there's no option for it in the UI. Yeah, I saw those options. Grateful for SA. Long version: These default mail accounts actually predate the internet itself. Even at the beginning of computing in the early 70s unix was designed to be a multi-user system, and before computers could even really communicate with each other users on these old systems could send messages to each other. Bob might send Steve a message "Hey, I installed pine!" and the next time Steve logged in the command line would tell him that he had mail. Eventually clever people began forming networks of computers and the internet rolled into existence. Mail from these early computers was adapted to not only be able to send mail locally, as it had originally been designed on the same physical machine, but send the mails out over the network to another computer. TLDR: The default mail address is part of linux not cpanel. OH, now it all makes sense. So you'd have to change my linux account name. Has it been attempted before w/having cpanel installed? Did it break all the things?
-
That sounds potentially useful, but it means I can't just ignore all email sent to the address either. Argggggg I wanted to set a filter with "Fail with Message" action. Is there a list of addresses I can whitelist on the account from cron et al? So I assume the emails in that account count towards the overall server disk quota just like any other email account? The reason why I'm worried about spam is because I'm hoping to explode on social media eventually.
-
The default email account username is the same name of the cpanel login. Is there any way to change that? (For security, and to avoid future spam.) Thanks. EDIT Well, I think I found my own answer buried in the cpanel docs: So... what good is this email account? Its only use seems to be to hold undesired spam, and there's no way to set a quota. Probably an artifact from a different era? I'd be interested to know the best solution for this.
-
I couldn't find any documentation on the folder, although it's very hard to search for. I tried making a script to automatically do it: I initially used cpanel UI to install key and cert. This made 2 files in the ~/ssl/key and ~/ssl/cert folders with unique/hashed filenames. It also added entries to ~/ssl/ssl.db, which is just a plain text file (not sqlite or anything like that). I created a script to generate new key and cert files, simulating a renewal. It uploads those new files into the respective folders, using the same filenames that were generated by cpanel for the previous files. Unfortunately, changes did not automatically take effect - the old files were still in use. Went to CPanel -> "SSL/TLS" -> "Update Certificate" -> "Autofill by Domain". Magically, the new cert appeared, but not the new key!! (I have no idea on that one.) However, if you go to "SSL/TLS" -> "Manage SSL" -> "Private Keys" -> "Edit" existing, the new key is already showing. I just don't know why the autofill doesn't pick it up. But, you can copy the encoded key from that page and paste it into the autofill page, and it works. That process really sucks. My conclusion is that if the cpanel/WHM/whatever API is unavailable, then a custom script would need to be written to bypass/not use the whole ~/ssl folder and therefore the cpanel "SSL/TLS" module. The script invokes certbot, which automatically applies the SSL changes to apache. Users could opt-in to that and just be forewarned that SSL won't be manageable under the cpanel module from that point forward. The questionable part (to me) is getting the list of domains to apply Let's Encrypt SSL to. The only other possibility that I can think of is to automatically update ~/ssl/ssl.db with each renewal and see if cpanel likes that any better, but I'm betting cpanel is copying the key and cert elsewhere, similar to how certbot would, in order to make them active, in which case updating ssl.db would not help. So testing and setup would go something like: (Easy) Add heliohost.org to https://publicsuffix.org/ (Easy) Install certbot following official directions (Hard?) Maintain a list of domains for Let's Encrypt SSL. Get the list via a script somehow. (Easy) When someone opts-in, pass new domain to certbot to generate and install initial cert automatically. (Easy) Make a renewal script on cron that renews all domains every 80 days, for example.
- 23 replies
-
- letsencrypt
- ssl
-
(and 2 more)
Tagged with:
-
I noticed the ~/ssl folder is exposed for us to upload into. Is there any documentation for that? Can we re-generate certs locally then upload the new files to that folder, without doing anything in cpanel? Or what is the procedure? Thanks.
- 23 replies
-
- letsencrypt
- ssl
-
(and 2 more)
Tagged with:
-
Oh, I see. I had no idea. I did some research but didn't find anything like you were describing, a Let's Encrypt plugin that doesn't require WHM (only mildly confusing...), and I don't have any experience with writing plugins for cpanel. Calling the Let's Encrypt script itself and checking for successful output shouldn't be too hard, though. Let's Encrypt doesn't issue wildcard certs, but it's possible to give their issuing script a list of all domains/subdomains of everyone wanting to opt-in to Let's Encrypt. That would overcome the rate limit, and also avoid not everyone wanting to enable SSL for their site (although I don't understand that one). So, cpanel frontend could have an opt-in checkbox with a note about how long it will take for changes to go into effect, and a script in the background could be run on cron to automatically renew the cert for everyone. But then, everyone could see everyone else's domain name because they're all on the same cert. [EDITED] Researching further, there's also a limit of 100 domains per cert. It looks like the proper solution is to get added to the "public suffix list", basically a list of all shared hosting providers, by submitting a pull request on github using the second link here. This nullifies the 20/week rate limit, aka "Certificates per Registered Domain". https://letsencrypt.org/docs/rate-limits/ https://publicsuffix.org/ Meanwhile, I've simply got my own .com added to my Heliohost site, so the rate limit isn't posing a problem for me. The problem part is the automatic renewal.
- 23 replies
-
- letsencrypt
- ssl
-
(and 2 more)
Tagged with:
-
I was really looking forward to using Let's Encrypt on Tommy. So, there is currently no possibility of automatically renewing the cert and installing it? I saw that there's a Let's Encrypt plugin for cpanel on version 58.0.17, which is probably an infinitely easier solution. Any idea when that upgrade will happen? https://documentation.cpanel.net/display/CKB/The+Let's+Encrypt+Plugin Thanks
- 23 replies
-
- letsencrypt
- ssl
-
(and 2 more)
Tagged with:
-
Received Tommy Invite, But Already Created Account
jesse replied to jesse's topic in Customer Service
Created successfully, please rename my forum username back. Thank you! -
Received Tommy Invite, But Already Created Account
jesse replied to jesse's topic in Customer Service
Username: jesse It won't even let me click the "next" button. Says username is "not available". -
When clicking on the "Validate your email address" link in the Tommy invite, I am redirected to https://www.heliohost.org/signup/username/ However, I already created my account with this username and the same email address used on paypal, but I am not currently on any existing server. Receipt Number: 2362-5017-5689-8289 Does my existing account need to be deleted to re-use the username and email?
-
@Krydos @Krydos That is quite a story. I fully understand and share your "server philosophy" and willingness to help out. I started hosting my own apache server over dialup when I was in 3rd grade, without any external help and no money for a proper host. (And even if I was rich or had access to a credit card, I only hosted javascript games and things I thought were "cool" lol. It doesn't take many resources to start to learn.) I myself would help out in the forums, if I had time. But in ~4 weeks, I will most likely be leaving for the remote wilderness for roughly a year with no PC... So, it sounds like reliability is a major problem. Not much you can do as far as hardware beside closely monitoring logs, and having funds on hand for parts when the time comes. I have some stuff on hand that I have little use for, but it's probably all older than your servers. But I'm wondering whether it's primarily: A hardware reliability problemA software reliability problemNot really either, but because of an unrealistic amount of accounts sharing the same server, putting the server in a precarious state. I wouldn't have enough experience to compare Heliohost to another similar hosting service in order to say how many of these kinds of accounts is too many. I have never had to allocate resources for so many customers. I like the public TV station analogy. The difference I'm seeing is that, with a public TV station, everyone gets (partial or full) access to the service. With Heliohost, realistically, our only choice is to make a donation to get any access to any hosting service. When signing up, the other 2 server choices are showing up as full/unavailable. I understand a non-profit has to spend money and therefore has to get money in some way, but for >99.99% of new users looking at Heliohost, there is nothing being offered without a payment besides a lottery with 1 in >1000 probability, while everyone looking on the front page of the site is being told something opposite. I also don't think there's such a thing as a "required donation" for a non-profit in order to get service (excluding customer service, obviously). It's just a business. That is my understanding; however, I'm not a legal expert on such things. Ok, I'll go ahead and make a small donation and get back to you guys if I have any problems. I do appreciate the effort you took in explaining the history and your viewpoint.
-
[Solved] Error Trying To Validate My Tommy Account
jesse replied to DemonnPrincess's topic in Escalated Requests
In an effort to not hijack this thread, I've made a new one here and would appreciate the admins' consideration. As far as I'm concerned, this support request can be closed. -
I am new to Heliohost. I recently tried to create an account on Tommy, and have went through two separate issues with this. In the most recent, the window for signing up with an account on Tommy was < 2 seconds. In response, admin Krydos suggested I make a donation in order to get hosting. (That convo took place this forum thread, but discussing this there would have been a little off-topic, so I'm creating this new thread.) ....I have considered making a donation. My site will be for a small side hobby/business. Over the course of a year or two, if I make money and if I can successfully run the site on the hardware provided, I was going to basically donate a % of my profit, TBD. Also, you guys do seem to be on top of things as far as service/support which I experienced in the linked topic above, and thanks for that. On the opposite side, I really do feel deceived, and I believe what has happened to me is a deceptive practice, free or not. The front page says: "Community powered free hosting for everyone" But in reality, at least at present time, it's: "Community powered hosting for those who can hit F5/refresh in one second and win the lottery [and that's kind of ridiculous], or just pay a one time fee to get your account." It sounds like >99% of everybody looking at Heliohost for hosting is going to experience what I'm experiencing. None of that is explained or experienced until after signup, except for a hint buried in the FAQ under the question "What is a Daily Signup Limit and why is it stopping me from registering?". I really think something should be done about this. If the reality is that everybody should donate a few bucks to get hosting, then just be straightforward about it. Also, Krydos was basically up-selling me an account, after stating on the front page that you won't try to upsell me to a "paid plan". I realize it's not a "plan", but it is an up-sell. This experience has kind of soured my tongue. If this isn't the group's intent and there is something I can do to help that the admins need, let me know.
-
[Solved] Error Trying To Validate My Tommy Account
jesse replied to DemonnPrincess's topic in Escalated Requests
Thanks for supposedly fixing the error and keeping the thread open, but I still cannot sign up. I refreshed the page at 2 seconds past midnight GMT, and it told me Tommy was full... I'm not sure I believe that, but I have no past experience with heliohost. -
[Solved] Error Trying To Validate My Tommy Account
jesse replied to DemonnPrincess's topic in Escalated Requests
I have a very similar problem (should I start another thread?) with a couple differences: * I'm trying to create my account on Tommy at the "midnight window", instead of through invite. * On the server selection screen, I select Tommy and click "Next", then... * Instead of Firefox with a blank page, I get HTTP 500 with Chrome with the same URL mentioned (https://www.heliohost.org/signup/username/)