No longer just Let’s Encrypt, cPanel offers free Comodo-backed SSL certificates

With the latest release (to the CURRENT tier, which is considered “release candidate” worthy) of cPanel/WHM, you can now obtain completely free 90 day SSL certificates from cPanel themselves (backed by Comodo) for your web site.  This requires version 58 of cPanel/WHM.  These certificates will automatically be renewed.

2016-07-18_13-35-39

This blog is already using them, and long may I do so.  As I’ve said earlier, obtaining SSL certificates for securing usernames and passwords or e-commerce is now the cheapest (e.g. free) it’s ever been.  There’s absolutely no excuse to run a web site that’s not secured by an SSL certificate now.  None.

If you don’t want to use Comodo backed SSL certificates, there will be a Let’s Encrypt plugin for cPanel/WHM appearing soon from cPanel themselves.

You’ll never have to buy another SSL certificate again!

(At least not if you are a financial organisation or need some form of extended validation/identity confirmation)

The SSL certificate marketplace is undergoing an extraordinary transformation.  Once upon a time you could expect to pay a princely sum to obtain what is called an “SSL certificate”.  This is effectively a piece of code that you install on a server (whether it be web, email, or similar) that allows you to encrypt data between two end points (a client such as a web browser and a web server, for example).  The SSL certificate allows the client (browser) to identify the server it’s connecting to.

But as the Internet has grown, the need to protect data in transit (such as usernames and passwords, credit card details, or other personal information) has also increased.  To that end there has been many attempts to provide free or cheap SSL certificates to all and sundry.  Self-signed certificates are no longer good enough.  Unless you explicitly trust a self certificate within your browser, you’ll see all manner of warning messages.  No,  a trusted third party must now be present to ensure that your communications in a web browser are secure.

SSL certificate prices have been gradually becoming cheaper and cheaper over past few years.  I’ve picked up regular domain validated SSL certificates as little as 99 cents (US) or at the most around £2-3 per year.  The drake.org.uk wildcard certificate (which protects an unlimited number of us domains with a single certificate) only cost me 40 quid for two years.

But now things are getting even cheaper – cheap enough to be FREE!

Let’s Encrypt has been one such effort to bring SSL certificates to the masses, for free.  Completely free.  Having left beta, we are going to see a lot of companies and organisations offer Let’s Encrypt as part of their product or service.  cPanel, for example, will be integrating Let’s Encrypt as part of the next major release of cPanel/WHM.  This means that providing that the server operator/hosting company you’re hosting with allows it, your web site will be protected by an SSL certificate for free – automatically.

CloudFlare is another company that’s offering free certificates.  Their free tier allows you to encrypt between their servers and your own (origin) servers – combined with an origin SSL certificate that you install on your server that provides full, authenticated encryption between CloudFlare’s data centres and your server(s).

WordPress and Sucuri are also two other services offering free SSL certificates with their services.

So as you can see – the days of the paid SSL certificate appear to be coming to an end.  The only exceptions are special SSL certificates that require additional validation and assurance – normally Extended Validation (EV) certificates – the ones you’ll normally see at a bank’s web site – the company name all in green alongside the green lock symbol.  These certificates require a lot of paperwork.  This consequently costs quite a bit more money (and time).

But for us mere mortals, we may well never have to spend a single penny on SSL certificates for our sites or services ever again.  We can encrypt for free.  And that’s a good thing.

EasyApache 4: Making cPanel/WHM more sysadmin friendly

One of the reasons for popping up to Edinburgh last week was to hear various representatives from cPanel/WHM talk about the many features of the cPanel/WHM ecosystem as well as glimpsing upcoming new features to make everybody’s life a bit more easier.

As as systems administrator of some 20 years (has it been that long?), I am most comfortable with a command line interface and a decent text editor.  cPanel/WHM provides a user friendly web interface to many of the complex tasks that one would to go through to configure a web hosting environment.  But I must admit to loving cPanel/WHM just as I love the command line because it is easier to set-up a blog like this through cPanel/WHM than it would take me to set-up nginx, php-fpm, MySQL (or MariaDB, or PerconaDB) from scratch.  That said, to get the very best out of cPanel/WHM, you should still know some Linux commands because not everything can (or should be) handled through a web interface.

As cPanel/WHM development storms ahead, we’re getting to the point where cPanel/WHM is becoming more standardised so that you’ll be able to manage it just as you would any other kind of bare bones Linux box, with full LSB compliance (with configuration files and scripts in meaningful places) along with full API and command line support for most features.

With the forthcoming EasyApache 4, for example, you can set-up Apache and PHP through the use of RPMs rather than having to wait for cPanel/WHM to compile everything for you.  I cannot tell you how much faster it is installing everything through a Linux package management system.

EasyApache 4 is still considered beta, with plans for it to be released within the next major release of cPanel/WHM – version 58, which is about 12-16 weeks away.  Beta or not, EasyApache 4 is perfectly serviceable right now.  With EasyApache 4, it’ll make it much easier for folk to run multiple versions of PHP (so older sites can run PHP 5.3/5.4 and WordPress and the ilk can run PHP 7).  Of course, one would recommend deploying CloudLinux to provide a greater amount of segregation and security for the older, potentially more exploitable apps, but this feature in EasyApache 4 makes it possible for all folk to run multiple versions of PHP side-by-side.

There will still be a user interface to configure EasyApache profiles.  Indeed, I used it to specify the relevant Apache and PHP packages for this server.  The MultiPHP INI editor is a wonderful inclusion that makes it dead simple to go through all the php.ini options and set them to your liking.  The changes will be applied to whatever PHP handler is being used.

Full PHP-FPM support is among one of the biggest and greatest features I’ve been waiting for in cPanel/WHM.  It should be fully supported in version 58, but I’m making great use of it right now with a bit of command line tinkering.  I’m running this blog (and the stats system) on PHP 7 with PHP-FPM.  It wasn’t difficult, and I find that I’m loving the performance from having made the effort.  Having nginx would be a nice have (as a web server rather than as a front end proxy to Apache), but beggars can’t be choosers and Apache 2.4’s performance is pretty decent as it is.

I’ll take the high road..

I’ve just returned from a marvellous few days in Edinburgh, having gone up there to attend the cP1Con (cPanel one-day conference).

I also spent a couple of days exploring the sights and sounds of Edinburgh, and have utterly fallen in love with the place.  I’ll post much more about that later, but in the mean time, here’s a shoddily put together video (assembled in my hotel room, on the iPad Pro)  of footage that I shot at Edinburgh Zoo.  Please note, the headless penguin isn’t headless and the one that looks to be dead isn’t. Oh, you’ll see what I mean..

(Note: the meerkats in the hailstorm isn’t a visual effect – it actually happened – a lot)