Help securing root and domains

[TwistAndShout]

Hello,

My actual OVH VPS will be terminated, so I have to migrate to another one. I took a new VPS and added CPanel, I will try to do it all by myself , wich I can only achieve with your help .

1st thing : securing the root and the domains with a free certificate, but it doesn't seem to be working.

I go to the root, I choose "manage Autossl" Manage_auto_ssl.png then I enable this Autossl for the users enable_auto_ssl_for_users.png.

I wait 10 minutes, I force refesh the browser, but nothing happens.

The root is still unsecured root_not-secured.png.

Then when I run an AutoSSL on the user account, I get an error message : user_ssl_error.png that says :

DNS DCV: The DNS query to “_cpanel-dcv-test-record.domain.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=YmoKaaWiu_jmll5Jmj4cJ3oqVNPyboeYyxe3OGbPbsaR9p3qqXpfkK6nb2oDw5Dd”.; HTTP DCV: The system queried for a temporary file at “https://domain.com/.well-known/pki-validation/B4B48C82565E5FC5D1421A6B37E37862.txt”, which was redirected from “http://domain.com/.well-known/pki-validation/B4B48C82565E5FC5D1421A6B37E37862.txt”. The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “domain.com” resolved to an IP address “1.2.3.4" that does not exist on this server.


I guess I forgot something, can anyone put me on the right direction ?

Many thanks in advanced .

 

[cPRex]

Hey there! AutoSSL is one of the last things that should be done as part of the migration. In fact, if you migrate with the Transfer tool, you won't need to manually perform any work with the AutoSSL system.

Does the DNS for the domains point to the new machine yet? If not, I would expect you to get the errors you're seeing.

 

[TwistAndShout]

if you migrate with the Transfer tool, you won't need to manually perform any work with the AutoSSL system.

Does the DNS for the domains point to the new machine yet? If not, I would expect you to get the errors you're seeing.

Thanks for your answer, I didn't know there was a migration service, apparently it's free cPanel Migration Services and Guides | cPanel & WHM Documentation. I haven't pointed the DNS yet, as the 3 website to be transfered are currently on live and working, so this is delicate maneuver.

I have open a ticket to request CPanel's migration service, I hope it will help.

 

[cPRex]

As long as you are coming from one of the listed operating systems on that page, we'll be happy to help with that migration!

 

[TwistAndShout]

As long as you are coming from one of the listed operating systems on that page, we'll be happy to help with that migration!

Thanks for your help, I opened an expedited ticket for migration.

 

[cPRex]

That sounds great - if you need anything else here, just ask!

 

[TwistAndShout]

Does the DNS for the domains point to the new machine yet? If not, I would expect you to get the errors you're seeing.

Hello,

I am back on this thread, as I was able to transfer by myself with UpDraftPlus. Now I am trying to secure the account by purchasing a certificate, but indeed I have an error message : SSL error 1.png and SSL error 2.png.

Yet I would like to test the website in order to see if the migration was a success, and I would like to do it with a secured access, but without changing the DNS yet.

Is that possible ?

If yes, I guess that I have to create an DNS zone in .txt with the url given by the error message ?

Thanks in advanced.

 

[cPRex]

That actually won't be possible. In order for the SSL tools to verify the site, the DNS needs to be in place first. This is also the case with AutoSSL. If the site works as-is without the certificate in your testing, I wouldn't expect the SSL connection to change that behavior.

 

[TwistAndShout]

the DNS needs to be in place first.

Got it with thanks.

So if I understand well, I just have to point the A entry to my new server IP ? Is there anything else I shall do to point my domain name to my new VPS ?

 

[cPRex]

As long as the A record resolves so the pages work, I would also expect the SSL validation to work.

 

[TwistAndShout]

As long as the A record resolves so the pages work, I would also expect the SSL validation to work.

Thanks @cPRex , it has worked, we are getting closer and closer. Now, the domain name has https, but the Cpanel hasn't Cpanel unsecured.png, although it looks locked on the SSL/TLS Status.

How can I secure the CPanel ?

 

[cPRex]

In that screenshot you are referencing two different domains - the URL is using the hostname of the server and the red box is specifically for your site's domain. If you try accessing cPanel with your site's domain does that get the SSL working? If things are configured normally at that host I would expect that to work properly.

 

[TwistAndShout]

If you try accessing cPanel with your site's domain does that get the SSL working?

Yes, when I access Cpanel via URL, this is secured. So job done, is my configuration safe enough ?

 

[cPRex]

Yes - that's all you need is to use that correct URL and the SSL works properly. I'm glad that's all it ended up being.