[ad_1]
Solving a hostname security warning:
The first time a user tries to log in to WHM on a newly-installed server, they see a security warning. It can be scary, especially for users on a trial license running cPanel & WHM for the first time.
This happens because most modern browsers display a warning whenever a user tries to visit a site or domain with an invalid or self-signed certificate.
cPanel & WHM attempts to secure your server immediately after installation. First, it installs a self-signed certificate to secure the server. Then, it requests a free hostname certificate from our Certificate Authority to secure the server.
However, sometimes a user does not set a resolving fully-qualified domain name (FQDN) as the server’s hostname. So, the Certificate Authority cannot issue a certificate for the server. The self-signed certificate remains on the server, and the new user will see a warning when they try to log in to WHM.
Updating a hostname with an invalid or self-signed certificate:
To allow the Certificate Authority to issue a certificate, we will automatically issue hostnames to newly-installed servers without a resolving hostname.
The installer script checks the hostname of a newly-installed server. If the hostname does not resolve to the server’s IP address, the script requests an automatically-issued hostname from “cprapid.com” domain. The “cprapid.com” nameservers assign a subdomain and point it at the server’s primary IP address. The server will use that subdomain as a hostname to request a certificate from the Certificate Authority and install it.
How soon the certificate will be available post-install depends on a lot of factors. It may be a few seconds to a few minutes. By the time the user logs in to WHM for the first time, the certificate should be installed and ready, so no security warning appears.
Free Hostname limitations and solutions:
The auto-issued hostname only issues an FQDN under the cprapid.com domain and points it to the main IP address of the server.
You cannot manage the subdomain or delegate the subdomain to any other server. The subdomains are stateless and reference the IP address of the server. If the IP address is 192.0.2.25, the hostname will be 192-0-2-25.cprapid.com. You are not able to manage or change where the subdomain points.
To create subdomains for DNS servers and other services, such as nameservers and FTP servers, you must set the server to use a hostname at a domain that you control.
How to change a server’s hostname:
We strongly encourage users to replace the auto-issued hostname with an existing domain or purchase a new domain to generate a hostname. Using your own domain name and hostname will help establish your company’s brand.
To change the server’s hostname, use WHM’s Change Hostname interface (WHM >> Home >> Networking Setup >> Change Hostname).
After a user changes the server’s auto-issued hostname to their new hostname, the Certificate Authority will issue a new certificate for the server, and the change should be seamless.
Caveats of auto-issued hostnames:
Depending on your hostname configuration settings and installation scripts, there are a few scenarios where users will still experience issues.
- A partner disables the free hostname certificate service for their customers in Manage2 (Manage2 >> Dashboard >> Company >> Update Company Information), the server will still use the self-signed certificate. Because of this, they will see the security warning when they try to log in to WHM.
- A partner uses a post-installation script to assign a hostname to the server, the script will continue to work as expected. If partners use a pre-installation script to assign a hostname to the server, that hostname must be a FQDN that resolves to the server or it will be replaced by an auto-issued hostname.
These changes are designed to improve the onboarding experience for new users. If you’d like to share your thoughts about this update, we’d love to hear them. To contact us with your feedback or to ask any questions you might have, please join us on our official Discord channel, our subreddit, or our Forums!
[ad_2]
Source link