How to Install an SSL Certificate on a Shared IP

It was kind of annoying in the midst of cPanel 11?s release when cPanel discontinued the ability to install an SSL certificate on a shared IP. Sure, you can do it as ‘nobody’, but this tends to mess up things when you have open_basedir set up or you’re using suPHP. Sometimes you might not have another IP to use, or you’re using an IP-based monitoring system and don’t want to complicate things. I, personally, prefer to install my shared SSL certificates on the shared IP. But that’s just me…and I’m right about everything.

There is a crafty way to get around this limitation, though it does require root access and it can be a little tedious when it’s something you have to do on a normal basis. Come on cPanel, just let us do this again so we don’t have to keep coming up with workarounds. I assume at this point that you already know how to use WHM to install a certificate, and you’re aware that the hostname for the certificate has to correspond with a user already on the server.

First, hop into WHM ~> Install a SSL Certificate and Setup the Domain and install the SSL normally, BUT, in the user field, put ‘nobody’ and finish the installation.

Now that the certificate is installed, you need to force cPanel to accept its fate to allow a shared SSL on the main IP. Go into /var/cpanel/userdata and run the following commands, noting that $user should be replaced with the username owning the SSL domain, $ssldomain.

mv nobody/$ssldomain_SSL* $user/

replace nobody $user — $user/*

Then edit ./nobody/main and remove the SSL domain from the sub_domains list, and run /scripts/rebuildhttpdconf to rebuild the Apache configuration, then restart Apache for the changes to take effect. Voila.

IF this is a shared SSL certificate (meaning, other users on the server can call it via https://$ssldomain/~$user):

You’ll want the SSL to show as the shared certificate on the server, which you can either select from the dropdown in WHM ~> SSL Hosts, or run:

echo $sslhostname > /var/cpanel/.sharedcrtname

If you use mod_php with open_basedir, and/or you have mod_userdir enabled, you need to exclude the user ‘owning’ the SSL certificate from both, to allow other sites on the server to use its certificate. These can both be set in WHM ~> Security Center

How to find an anonymous spammer on a Plesk server

If you are seeing spamming in a plesk server from the ID anonymous@hostname, then we need to find out the spammer account
For doing the same use the following steps

1) Let’s take a look in the mail queue and read one of those spam email references:

# /var/qmail/bin/qmail-qread

remote ankush_krishna2137@yahoo.com
6 Jan 2012 09:14:53 GMT #34012584 2987

2) Now we have a message ID, let’s search for the actual message:

# find /var/qmail/queue/ -name 34012584

/var/qmail/queue/info/0/34012584
/var/qmail/queue/remote/0/34012584
/var/qmail/queue/mess/0/34012584

3) Great! Now let’s see what’s in the message to get out that all telling UID:

# cat /var/qmail/queue/mess/0/34012584

Received: (qmail 9936 invoked by uid 10820); 6 Jan 2012 09:14:50 +0000
Date: 6 Jan 2012 09:14:50 +0000
Message-ID: <20120106091450.9934.qmail@server.microliteX.com>
To: annette@recdom.wandoo.co.uk
Subject: Urgent Reply
From: Mrs.Farida Waziri

4) Let’s map the UID to a domain name on the Plesk server:

# cat /etc/passwd | grep 10820

admin947932:x:10820:2523::/var/www/vhosts/thisisthespammer.com:/bin/false

5) Spammer caught :D

apf installation

1. wget http://www.rfxn.com/downloads/apf-current.tar.gz
2. tar xvzf apf-current.tar.gz
3. cd apf-9.7-1
4. ./install.sh

You must run the installation as root because configuration files are placed in /etc/. Once this is done, you will have an initscript to start APF in /etc/init.d/ and the configuration files located in /etc/apf/. The primary configuration file is /etc/apf/conf.apf.

To configure the firewall, edit /etc/apf/conf.apf. A few important variables to set include:

EGF="1" # enable outbound packet filtering
IFACE_IN="eth0" # inbound interface to filter
IFACE_OUT="eth0" # outbound interface to filter
DEVEL_MODE="1"
The DEVEL_MODE option should only be used during testing. This sets up a cronjob that runs every five minutes to disable the firewall — useful if you muck something up. When the firewall is working, you must set DEVEL_MODE=”0″. Change the IFACE_IN and IFACE_OUT ports to suit your system; on a VPS it might be “venet0″, for instance.

Next, you will need to define which ports are allowed.

There are a lot of other entries in the configuration file and it’s likely worth reading them over and tweaking as necessary. For the most part, the defined defaults are fine. The only exception is if you are using a kernel with the iptables module compiled into the kernel, rather than available as a loadable module, which is often the case for a VPS. In that case you will need to also set SET_MONOKERN=”1″ in the configuration file as well.

then /etc/init.d/apf restart

You are done!

Roundcube database error

If you found database error on roundcube then do the following
mysqldump roundcube > roundcube.sql
mysqladmin drop roundcube
mysqladmin create roundcube
mysql roundcube < /usr/local/cpanel/base/3rdparty/roundcube/SQL/mysql.initial.sql
/etc/init.d/cpanel restart

INSTALLATION OF PLESK ON ANY LINUX SERVER

Plesk is 10.2
Plesk is a leading control panel used in many hosting providers today. Plesk is avaliable for both windows and linux machine. The latest stable version of

Use the One-Click Installer utility to perform a clean installation of the Panel in one step into any Linux OS. The utility automatically determines your operating system and installs the latest version of an appropriate distributive in the typical configuration.

One-Click Installer works only on Linux OSes.

To install the Panel, run one of the following commands on behalf of the superuser:

- If you have the wget utility, run

wget -O – http://autoinstall.plesk.com/one-click-installer | sh

- If you have the curl utility, run

curl http://autoinstall.plesk.com/one-click-installer | sh

- If you have the fetch utility, run

fetch -o – http://autoinstall.plesk.com/one-click-installer | sh

SSL Certificates Installation in Plesk Administrator

Installing your Plesk Server SSL Certificate

Download the Primary, Intermediate, and Root certificate files from your DigiCert account.

Login to the Plesk Control Panel.

Select 'Domains' from the left hand menu.

Click on the domain name that the certificate is for.

Click on the 'Certificates' menu item.

You will have the option to either "Upload certificate files" or "Upload certificate as text." Either way will work fine for your purposes.

To upload the files - just click "Browse" next to the "Certificate" box and navigate to the location of the your_domain_name.crt file you received from DigiCert.

Then, next to "CA certificate", click and browse to the DigiCertCA.crt file. Select it, then select 'Send File'. This will install the certificates against their corresponding Private Key.



To Upload certificates as text - Open your_domain_name.crt and DigiCertCA.crt as text files and copy the entire body of those files into the boxes provided under "Upload certificate as text".

The your_domain_name.crt should be uploaded as the "Certificate", and the DigiCertCA.crt as the "CA Certificate".

Next, click on Server > IP Addresses, then click on the IP Address for your Web site.

Change the certificate for your site to use the new SSL Certificate you have just installed.

Click the 'Server' item from the left hand menu.

Click on the 'Service Management' menu item.

Stop and Start the WEB Server (Apache) to activate the certificate.

NOTE: Restarting Apache will NOT work. You must stop the service, then start it again to complete the installation.

Troubleshooting:

If your web site is publicly accessible, our SSL Certificate Tester tool can help you diagnose common problems.

Open a web browser and visit your site using https. It is best to test with both Internet Explorer as well as Firefox, because Firefox will give you a warning if your intermediate certificate is not installed. You should not receive any browser warnings or errors. If you immediately receive a browser message about the site not being available, then the server may not yet be listening on port 443. If your web request takes a very long time, and then times out, a firewall blocking traffic on TCP port 443 to the web server.

If you receive a "not trusted" warning, view the certificate to see if it is the certificate you expect. Check the Subject, Issuer, and Valid To fields. If the certificate is issued by DigiCert, then the Intermediate certificate is not correctly installed.

Passive FTP Plesk

To enable passive mode for FTP connections on your server:
1 Log in as “root” to the server shell over SSH.
2 Edit your ProFTPD configuration file.
a Issue the command vi /etc/proftpd.conf
b Add the following lines anywhere within the section:
PassivePorts 49152 65534
c Save the file
3 Log in to Parallels Plesk Panel as “admin”, go to Modules > Firewall, and
click Edit Firewall Configuration.
4 Click Add Custom Rule.
5 Specify the following:
a Rule name
b Direction: select Incoming.
c Action: select Allow.
d Ports: in the Add port input box, enter the value 49152-65534. Leave the TCP
option selected, and click Add.

PassivePorts 60000 65535