codesays Posted January 28, 2016 Posted January 28, 2016 Hello Admin, I need to IP so that I can install the SSL certificate. I have paid via Paypal. My user name is : codesayswebsite is: codesays.comTransaction ID: 41432548X3071835W My blog has some Chinese users. If possible, please give me an IP, which is accessible in China. Thanks!!!!
wolstech Posted January 28, 2016 Posted January 28, 2016 This support request is being escalated to our root admin.
codesays Posted January 28, 2016 Author Posted January 28, 2016 Dedicated IP granted. Hello Krydos! I cannot access my website with the new IP 66.220.18.188 When I access http://codesays.com, it is redirected to http://codesays.com/cgi-sys/defaultwebpage.cgi and says "HelioHost has not gotten about to installing and configuring your account yet" But when I login my cpanel account at stevie.heliohost.org, the wordpress files are there. PS: I changed the IP in my DNS name server back to 216.218.192.170, so the site is available now. But when could I switch to the new IP?
Krydos Posted January 28, 2016 Posted January 28, 2016 It takes up to 24 hours to switch just like everything else DNS or domain related.
codesays Posted January 28, 2016 Author Posted January 28, 2016 It takes up to 24 hours to switch just like everything else DNS or domain related. That is reasonable. But the error page also says: While the account is being created we suggest taking a look at your control panel. http://johnny.heliohost.org:2082/ My account should be under Stevie SSL plan, rather than Johnny SSL. Is the error page (http://codesays.com/cgi-sys/defaultwebpage.cgi) incorrect? Or am I under a wrong plan? Thanks!!!
wolstech Posted January 28, 2016 Posted January 28, 2016 Your account is on Stevie. The link on that page is incorrect. Not sure why, but I imagine it's due to the dedicated IP. The queued page for normal Stevie accounts has the right link: http://stevie.heliohost.org/cgi-sys/defaultwebpage.cgi
codesays Posted January 29, 2016 Author Posted January 29, 2016 It takes up to 24 hours to switch just like everything else DNS or domain related. Hello Krydos, the site (with IP 66.220.18.188) is still unavailable after 24 hours. It shows "Account Queued" page. Could you please have a look at it? Thanks! PS: the public DNS record is out-of-date (216.218.192.170). So if you directly access codesays.com, you will see the old website.
Krydos Posted January 30, 2016 Posted January 30, 2016 Set your nameservers to ns1.heliohost.org and ns2.heliohost.org http://bybyron.net/php/tools/dns_records.php?domain=codesays.com&rec=NS
codesays Posted January 30, 2016 Author Posted January 30, 2016 Set your nameservers to ns1.heliohost.org and ns2.heliohost.org http://bybyron.net/php/tools/dns_records.php?domain=codesays.com&rec=NS It shoud not be the DNS problem. I changed my host file. Anyway, the nameservers are updated now. But it is still not working. For chrome, the error message is: ERR_SSL_PROTOCOL_ERRORFor firefox, the error message is: ssl_error_rx_record_too_longFor safari, the error message is: unable to establish a secure connection. Could you please help me and take a look? Thanks!
Krydos Posted January 31, 2016 Posted January 31, 2016 That error looks like you generated your letsencrypt certificate wrong. I found this on the letsencrypt website documentation. Try this:you will need to append your dhparameters to the bottom of your certificate file: cat /etc/letsencrypt/live/<<< YOUR DOMAIN HERE >>>/fullchain.pem \ /etc/ssl/private/dhparams_4096.pem > \ /etc/letsencrypt/archive/<<< YOUR DOMAIN HERE >>>/fullchain_dhparams_4096.pemThen you will use this file in place of your SSLCertificateFile above: SSLCertificateFile "/etc/letsencrypt/archive/<<< YOUR DOMAIN HERE >>>/fullchain_dhparams_4096.pem" Keep in mind that if you manipulate the certificate (issue a new one, etc), you will need to repeat this step as the dhparams will not be added to that certificate!https://community.letsencrypt.org/t/howto-a-with-all-100-s-on-ssl-labs-test-using-apache2-4-read-warnings/2436
codesays Posted January 31, 2016 Author Posted January 31, 2016 That error looks like you generated your letsencrypt certificate wrong. I found this on the letsencrypt website documentation. Try this: you will need to append your dhparameters to the bottom of your certificate file: cat /etc/letsencrypt/live/<<< YOUR DOMAIN HERE >>>/fullchain.pem \ /etc/ssl/private/dhparams_4096.pem > \ /etc/letsencrypt/archive/<<< YOUR DOMAIN HERE >>>/fullchain_dhparams_4096.pem Then you will use this file in place of your SSLCertificateFile above: SSLCertificateFile "/etc/letsencrypt/archive/<<< YOUR DOMAIN HERE >>>/fullchain_dhparams_4096.pem" Keep in mind that if you manipulate the certificate (issue a new one, etc), you will need to repeat this step as the dhparams will not be added to that certificate! https://community.letsencrypt.org/t/howto-a-with-all-100-s-on-ssl-labs-test-using-apache2-4-read-warnings/2436 No, it should not be the certificate error. Probably it is Apache config error. shengyu ~ $ openssl s_client -connect codesays.com:443 -servername codesays.com CONNECTED(00000003) 2474:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-52.8.4/src/ssl/s23_clnt.c:618: shengyu ~ $ telnet codesays.com 443 Trying 66.220.18.188... Connected to codesays.com. Escape character is '^]'. GET / HTTP/1.1 Host: codesays.com HTTP/1.1 200 OK (...) As the discussion shows, "Apache should do SSL on port 443, not just non-SSL HTTP". Could you please have a look at the configuration file? Thankssss!!
Krydos Posted January 31, 2016 Posted January 31, 2016 No, it should not be the certificate error. Probably it is Apache config error.If it's a configuration error why does SSL work for everyone other than you?As the discussion shows, "Apache should do SSL on port 443, not just non-SSL HTTP".Yes, apache is "doing" SSL on port 443.Could you please have a look at the configuration file? Thankssss!!Sure. Looks good. The other 40 or so accounts using SSL (myself included) think it looks good too.
codesays Posted January 31, 2016 Author Posted January 31, 2016 Sure. Looks good. The other 40 or so accounts using SSL (myself included) think it looks good too. Thanks for your clarification! I did not mean the general configuration, which should be alright. But how about the section for my VirtualHost? I used the telnet command to simulate http request, and it successed: shengyu ~ $ telnet codesays.com 443 Trying 66.220.18.188... Connected to codesays.com. Escape character is '^]'. GET / HTTP/1.1 Host: codesays.com HTTP/1.1 200 OK (...a empty webpage was returned) If the HTTPS was deployed on 443 port, the command should not success. I tried the same thing on a SSL domain, and the return content is "400 The plain HTTP request was sent to HTTPS port". The similar error was discussed here: https://community.letsencrypt.org/t/certificate-hostname-does-not-match-site-hostname/8938/9 This is my first time to deploy the SSL certificate. Sorry if it was a stupid question.
codesays Posted January 31, 2016 Author Posted January 31, 2016 Do not know why, but it works now. Thanks!!!
Recommended Posts