daskunk
Members-
Posts
85 -
Joined
-
Last visited
-
Days Won
3
Everything posted by daskunk
-
[Solved] Renew Expired SSL Certificate for daskunk.heliohost.org
daskunk replied to daskunk's topic in Escalated Requests
Thank you so much -
Thank you so much for handling this
-
Thank you so much, really appreciate it.
-
Hello again Is there anything else I need to do on my end for the new SSL certificate to take effect? I did double check to ensure the two crt files and private key were properly copied into /home/daskunk. Please let me know if I need to take any further action as my users are unable to access my site. Thank you again so much for your help
-
Sorry about that and thank you for merging the emails. I'll stick with this forum and monitor this post for when the SSL certificate files I just uploaded have been successfully installed. Thank you again.
-
OK I was able to work through the generation process using zerossl and uploaded these files ca_bundle.crt certificate.crt private.key to my /home/daskunk directory. Thank you very much if you can install them
-
Hello Admins My SSL certificate just expired as well.. All was fine 2 hours ago but now I can no longer access my web site. I'm getting similar messages on my laptop and phone Firefox detected an issue and did not continue to daskunk.heliohost.org. The website is either misconfigured or your computer clock is set to the wrong time. It’s likely the website’s certificate is expired, which prevents Firefox from connecting securely. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details. My domain is daskunk.heliohost.org I'm also on Tommy I know you're very busy with the Plesk migration but any help would be very much appreciated. Thank you
-
My sincere thanks to the Heliohost team for all the behind the scenes work and especially for keeping Tommy running all this time. Also thank you to those doing the Plesk beta testing. I just have one question regarding the upcoming account transfers so I can plan accordingly over the next few weeks. The question pertains to both my files and my psql DB. I know account backups were performed last month, but what is going to happen after the account transfer is complete? For example, if I were to upload some brand new files to my domain today, when the transfer completes and I can log into my new "Plesk account" will I see the new files from today or will I see the file set that existed when the backup was performed last month? (Same question for adding new info into the DB). This will help me decide which tasks to focus on for the next 2 weeks. Thank you again.
-
Got it .. thank you again and good luck. Very much appreciate (in advance) all you will be doing.
-
First thank you for the info. Now I have a much better idea what it's all about. Second, rest assured I would never purchase/install cpanel. How long do you estimate it will take to migrate Tommy? That would definitely influence my decision on the VPS. Thank you again
-
I'm not familiar with the Heliohost VPS option. I read the info in the Wiki but do I retain all the same capabilities as I had before (minus CPANEL of course)?? In other words, are all my files and postgresql databases copied over, and can I still run PHP scripts, access the database, etc with the same storage, or is it meant to just host static web pages? As far as transferring files, does it also allow FTP/SFTP? Sorry if they are dumb questions but I just need to know if my site can still function as before (from the end user perspective). Thank you.
-
That is wonderful news regarding the recent agreement with Plesk. I completely understand the need to take down Tommy and rebuild it. For my situation I have to decide whether to simply wait it out or to set up a temporary solution (such as the VPS). To help with that decision, could you offer a "ballpark" estimate of how long you anticipate Tommy being out of service and when it will begin? I would also be happy to make a donation to help defray the costs.
-
Thank you again everyone for all the help. I am quite convinced the problem is on our side and related to the security software we are required to use. It was never an issue before, so something on my site must've inadvertently triggered an alarm and now the domain is being re-directed. If I force the DNS resolution to use specific servers I get the correct IP address but I can't make it permanent. The "personal" computers are all working fine. To be honest I'm more concerned right now about this recent CPANEL development. I saw the news post and can someone explain what happens next? I was literally in the File Manager (working on my other problem looking to see what files might've triggered a security issue) and then I saw the page about the licenses. Is there going to be some way to view/edit the files on our site? I'm literally in the midst of making updates to my site. Instructions on how to proceed is greatly appreciated. Thank you again.
-
Thank you for that information, it's very helpful. We are continuing to track down the source of this filtering and/or erroneous DNS lookup.
-
Thank you again and this time I think you found the gold nugget! The problem appears more egregious than I first thought. Seems the domain name is being hijacked or re-routed. On the "bad" laptop if I ping daskunk.heliohost.org I get 146.112.61.106. If I try to go there directly I get a security message saying that address is blocked. If I ping krydos.heliohost.org I get 65.19.143.6 and that one works fine. So then I grabbed a "working" laptop (which doesn't have the same security software), and on that one daskunk.heliohost.org is 65.19.143.6. Also on that laptop when I view the certificate for daskunk.heliohost.org I do see the cpanel cert. The 2 laptops are sitting here next to each other so they are using the same network, router, IP provider, etc. So this OpenDNS stuff must have to do with that bogus 146.112.61.106 address. I don't know how or why the domain is getting re-routed (or hijacked) to 146.112.61.106 but I'm going out on a limb here and guess that address has no connection to Heliohost whatsoever! This also explains why the FTP won't work. I will check with the others who are having the problem and see if they are also being re-routed to 146.112.61.106. BTW> I found where the "OpenDNS" stuff is coming from. 146.112.61.106 resolves to hit-adult.opendns.com. I can't thank you enough for all your help. If you happen to know of any other tips or suggestions or any ideas on how this can happen, please pass them along. Thank you again.
-
Thank you again for doing that. Does it take some time to propagate? I've cleared my browser cache and history, completely exited and restarted Firefox, but no matter what I do it still seems to be grabbing the old one. Is there anything else I need to do to get the new one? Also I didn't get an email like I did last night when you generated the new one (if that makes a difference).
-
Yes if it's not too much trouble could you switch it to the same one as krydos.heliohost.org? At least then if it doesn't work I should (theoretically) get a different error message. Sorry for the trouble. As you can see it has no trouble authenticating the krydos cert. Thank you again
-
Thank you again for all the testing and help thus far. We did some further testing on our side and we are getting certificate errors on multiple platforms (Windows 10 and IOS Bug Sur 11.3.1 and 11.4). The problem is not our ISP (as we all use different ISPs nor is it our laptops (per se)). However we do think it's related to our security package (the common denominator amongst us). We tested several laptops without this security package and they all work fine. Even though the certificate is valid and newly generated, is there any possibility that this could be our issue since the certificate issuer is OpenDNS? https://support.opendns.com/hc/en-us/articles/227987007-Block-Page-Errors-Installing-the-Cisco-Umbrella-Root-CA Our browser updates are part of the security package we use, and thus we don't normally install any add-ons This is the error I get in FireFox when trying to add daskunk.heliohost.org as an exception and I click on Get Certificate The krydos.heliohost.org certificate is not issued by OpenDNS and does not have the Cisco Umbrella Secondary SubCA piece. We have no trouble accessing krydos.heliohost.org Is there a way we can get a certificate generated similar to krydos.heliohost.org on daskunk.heliohost.org? Thank you again
-
As for the zip timestamp issue, thanks for the link but it doesn't help. Again I did a very simple test. Using CPANEL, I zipped 2 files in one of my folders, downloaded the zip to my laptop, and looked inside the zip file. The timestamps on both files are exactly 4 hours off. For example, looking at one file, on Tommy the timestamp is June 22, 10:15 PM (which is correct, that was the local time when the file was put there). In the zip file, it shows June 23, 2:15 AM which happens to be the UTC time of the file (my local time + 4 hrs). When my account was migrated over a year ago, I noticed it and asked about it. I don't remember the exact response, but apparently you were aware of it and it had something to do with how Tommy is configured compared to Ricky. I was just wondering if there's any way to resolve it. Thanks again
-
Sorry I don't have any other IPs to provide that are causing trouble. It only seems to be my site (daskunk.heliohost.org). As I mentioned earlier about half of my users have no problem at all accessing it so I know the site is not "generally blocked". We are trying to determine (for the handful of us having the problem) whether it's "locally blocked" by the security software we have and what happened on July 4th to start blocking us. I did try ftp and sftp. The problem in both cases is a connection time out. I did a very simple test ftp daskunk.heliohost.org // connection time out ftp krydos.heliohost.org // connected immediately So it seems our laptops are blocked from any type of connectivity/communication with daskunk.heliohost.org
-
Thanks again for all the testing. Yes we are seeing the problems on multiple browsers & devices but these are all under a common security application. The other users outside of this group (and even an old laptop I have which is totally non-associated to this group) all works fine. The reason we weren't sure it was on our side was because all information we're getting is there were no changes or updates during the July 4th weekend. Yet everything worked fine on Saturday and somehow broke on Sunday. I'm sure you understand that given the trouble began on a holiday (and a Sunday) we were leaning towards something being down on your side. I was traveling all of last week so I couldn't look into it until the past 2 days. We are trying to find out what happened on our side. Either it simply doesn't like the domain name (daskunk) anymore and somehow thinks its a malicious or unsafe site --or-- it doesn't like the content on my site. But I hid the entire public_html folder structure and still got the security violation. Which makes me think it's "daskunk" because krydos.heliohost.org works just fine! One thing that I was wondering if you could do that could help if it turns out these laptops are permanently blocked ... when my account was migrated to Tommy I noticed that whenever I compress (zip) files and then use CPANEL to upload/download the zip file, when I extract the zip, the time stamps on all the files is off. The time stamps change from their correct local time (ET for me) to UTC time. So the end result is the file on my laptop winds up being 4 hours different from the file on Tommy after doing the zip-upload/download process. That never happened on Ricky. I would routinely zip a bunch of files on my laptop, upload them via CPANEL, and extract them in the CPANEL File Manager and the timestamps were maintained. But not on Tommy. Is there any way to fix that? I could live with it before because when I needed to maintain timestamp accuracy I would just FTP the files. But now that I can't FTP to the site either, literally the only working tool I have now is CPANEL. I would really be grateful if this could be helped. Thanks again
-
I discovered something else that might be helpful. I can no longer ftp to daskunk.heliohost.org. I get a connection time out error. That also happened on July 4th but I assumed it was the system. I just tried it again and it's still failing. However I was able to make an ftp connection to krydos.heliohost.org. So if you can think of something common between the web site SSL certificate and not being able to make an ftp connection, that may be a clue. Earlier I tried numerous things with hiding/deleting files in case the problem really has to do with content, but nothing I tried made any difference. I even renamed my public_html folder so as to hide all the files, and still got the SSL certificate error.
-
Thank you again for trying that. Unfortunately I still am getting the Security warning. I made sure to clear my browser cache and restart Firefox Someone could be trying to impersonate the site and you should not continue. Websites prove their identity via certificates. Firefox does not trust daskunk.heliohost.org because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates. Error code: SEC_ERROR_UNKNOWN_ISSUER Also I received an email indicating the certificate was renewed. It shows 7 error messages. Should I be concerned about those? AutoSSL has renewed “daskunk.heliohost.org”’s Domain Validated (DV) SSL certificate. The new certificate lacks 7 of the website’s domains: mail.daskunk.heliohost.org (checked on Jul 13, 2021 at 2:09:49 AM UTC) There is no recorded error on the system for “mail.daskunk.heliohost.org”. This might mean that this domain failed DCV (Domain Control Validation) when the system requested the new certificate, but the domain has since passed DCV. www.daskunk.heliohost.org (checked on Jul 13, 2021 at 2:09:49 AM UTC) There is no recorded error on the system for “www.daskunk.heliohost.org”. This might mean that this domain failed DCV (Domain Control Validation) when the system requested the new certificate, but the domain has since passed DCV. cpanel.daskunk.heliohost.org (checked on Jul 13, 2021 at 2:09:49 AM UTC) There is no recorded error on the system for “cpanel.daskunk.heliohost.org”. This might mean that this domain failed DCV (Domain Control Validation) when the system requested the new certificate, but the domain has since passed DCV. webmail.daskunk.heliohost.org (checked on Jul 13, 2021 at 2:09:49 AM UTC) There is no recorded error on the system for “webmail.daskunk.heliohost.org”. This might mean that this domain failed DCV (Domain Control Validation) when the system requested the new certificate, but the domain has since passed DCV. webdisk.daskunk.heliohost.org (checked on Jul 13, 2021 at 2:09:49 AM UTC) There is no recorded error on the system for “webdisk.daskunk.heliohost.org”. This might mean that this domain failed DCV (Domain Control Validation) when the system requested the new certificate, but the domain has since passed DCV. cpcontacts.daskunk.heliohost.org (checked on Jul 13, 2021 at 2:09:49 AM UTC) There is no recorded error on the system for “cpcontacts.daskunk.heliohost.org”. This might mean that this domain failed DCV (Domain Control Validation) when the system requested the new certificate, but the domain has since passed DCV. cpcalendars.daskunk.heliohost.org (checked on Jul 13, 2021 at 2:09:49 AM UTC) There is no recorded error on the system for “cpcalendars.daskunk.heliohost.org”. This might mean that this domain failed DCV (Domain Control Validation) when the system requested the new certificate, but the domain has since passed DCV. If these domains do not need valid SSL, then you do not need to take any further action. However, if you want AutoSSL to secure these domains, you must resolve the above problems.
-
Again thank you for the information and the link. Interestingly the krydos link works fine! Simply substituting daskunk for krydos in the url causes the security failure. So it seems like it's something specific to my site and something that changed between July 3 and 4. So I'll have to start backing out recent changes to see if I can figure it out. Thank you again so much for the help.