Installing LetsEncrypt SSL Certificates on CentOS + cPanel Servers

At the time of this writing, LetsEncrypt is in public beta and already in high demand. This service is a new certificate authority that allows you to generate your own signed certificates in an effort to improve security.  At present there is a feature request for providing this functionality in cPanel. You can also use…

Read more

cPanel Update Fails Due to RPM Conflict

The cPanel update fails due to a problem installing RPMs, but is not specific about what the problem is: [20160203.180007] Testing if the newly downloaded RPMS can be installed without conflict [20160203.180007] Testing RPM transaction [20160203.180012] [20160203.180012] ***** FATAL: Test install failed: [20160203.180012] The Administrator will be notified to review this output when this script…

Read more

Upgrading OpenSSH on CentOS 5 or 6

Note: This is an update from our 2011 post. If you’ve taken a peek at your PCI scan results lately, you may have noticed that your scan provider is now requiring OpenSSH 6.6 or higher due to CVE-2014-2532 – a version that is not currently available in the CentOS 5 or 6 repositories. A Yum update isn’t going…

Read more

CloudLinux or BetterLinux?

UPDATE 6/18: Shortly after this was posted and one of the major hosting companies I’m affiliated with removed BetterLinux from their servers due to stability problems, BetterLinux announced that they are shutting down, effective July 1st. Customers ask us all the time whether they should use CloudLinux or BetterLinux on their servers, and what differences exist…

Read more

Resolving MS15-055 on cPanel Servers

If you’re a hosting provider with cPanel servers that were set up prior to version 11.46, you may be hearing from customers using Outlook ever since MS15-055 was released by Microsoft on May 12.  This most recent Outlook upgrade prevents the software from connecting to a POP or IMAP server that uses DH keys that are…

Read more

de-POODLE-ing: How to Disable Support for SSLv3 on a cPanel Server

The latest security buzz this month is about the SSLv3 POODLE vulnerability, and how SSL version 3.0 is now officially designated as insecure, joining its predecessors versions 1.0 (unreleased) and 2.0.  This effectively concludes the life cycle of the SSL protocol in favor of TLS.  This post will give you a brief overview of what POODLE…

Read more

Log in