Starting next week, our in-house developed ACME client will go live and you’ll be able to issue and install a free Let’s Encrypt SSL certificate for the majority of your WebFaction hosted websites.
We will enable this feature in two waves: on Monday, the 17th of September, 2018, at 13:00 UTC for all websites on cloud servers and, barring any major issues, for websites on shared servers a week later, on Monday, the 24th of September, 2018, at 13:00 UTC.
We’ve already updated our control panel documentation to include instructions on how to secure your websites, but if you have any questions, feel free to raise a ticket and our support team will gladly answer them.
Please note that there are currently three limitations on our custom ACME client:
there is no support for wildcard domains
it is not possible to enable or disable a Let’s Encrypt certificate using our API
no certificates can be issued for webfactional.com subdomains. If one of your HTTPS websites includes such a subdomain, you will need to remove it before issuing a certificate
All three are on our roadmap to be addressed in a future version.
Also note that Let’s Encrypt has set some rate limits, which you can review here. Our control panel will show an error if you reach them.
UPDATE: Our ACME client is now enabled on all sites hosted on cloud servers.
You can now manage SSL/TLS certificates with the WebFaction control panel! In just a few clicks, you can:
generate certificate signing requests
upload or copy and paste certificates
choose which certificate to use with each of your websites
Effective immediately, you can secure a site without opening a support ticket. But if you run into any problems, the support team is still available to help you out. Because we’re sure you’re eager to start managing certificates on your own, we’ve enabled the feature now, but we’re working to make managing certificates even better over the coming days, with complete documentation, API support, and more.
But as of today, you can upload a certificate and private key from any certificate provider through the control panel. If you don’t already have a certificate, you have a few choices when it comes to getting one:
You can use your server’s default, shared certificate, though visitors will get an error message warning that the connection may not be secure.
You can buy a certificate from a certificate provider (typically your domain name registrar can provide this service).
You can get a certificate from Let’s Encrypt, a certificate authority that provides free 90-day certificates.
The new functionality is available in the panel under “Domains/Websites > SSL Certificates”.
We’re really excited about Let’s Encrypt! It’s a great project that’s helping to make secure sites practical for everyone. And though we’re not ready to announce anything yet, let’s just say that we want Let’s Encrypt and the control panel to work very well together.
Update: As of 12 October 2016, our documentation and API have been updated to include the new SSL certificate management features!
This is the third in a series that’s going over what’s included in your WebFaction account. In today’s installment, we’re taking a closer look at the control panel.
There’s a lot going on in the control panel because it’s the hub of every WebFaction account. Nearly every part of account management, from billing to disk usage to applications to support, has a part to play in the control panel. And that’s by design: the control panel is often the first and last place you need to go to manage something to do with your account.
For example, the control panel is your account’s virtual postmaster, with the ability to create and manage email addresses and mailboxes. Common tasks, like setting up autoresponders and forwarding mail, can be managed from the control panel, without requiring complicated configuration files.
One area of the control panel that we’re particularly fond of is our one-click installers. With the control panel, you can install a bunch of popular applications with the absolute minimum of hassle. It’s such an important part of the control panel, we did a whole series of blog posts on just one-click installers.
Of course, sometimes you don’t want to have to actually click anything. That’s why many things that you can do with the control panel can also be done with the XML-RPC API. With the API, you can automate many control panel tasks, like creating email addresses or managing DNS overrides. The API even knows a few tricks that the control panel doesn’t, so check out the API documentation for a tutorial and reference.
Lots of web hosts have control panels, but many use off-the-shelf packages that are designed for the generic idea of web hosting. We’ve made our own control panel that’s designed for our customers’ use cases and our service’s strengths. We have the flexibility to improve the control panel, and do things like add a new feature without waiting on a vendor’s release schedule. We’re proud of the control panel and strive to make it the best tool possible for our customers.
A few days ago, we quietly introduced a much-requested new feature to the control panel: granting extra SSH and SFTP users access to directories. We made this two-minute screencast about managing extra user accounts that covers the new feature:
Now you can grant an extra user access to a particular directory right from the control panel. It’s much faster and less error-prone than doing so in a shell session manually. While it’s not a substitute for fine-grained access control, it’s perfect for dealing with the common case of granting a user access to a particular application or subdirectory.
So check out the screencast and give the new feature a try. If you have any questions, join us in the Q&A Community.
As many of you have probably heard, a serious security issue (dubbed the “heartbleed bug”) was found in the OpenSSL library yesterday. This is a very serious issue, as this library is used to encrypt a large percentage of the Internet’s traffic, including web and email.
The security issue could allow anybody to access parts of the encrypted traffic as well as the secret keys used to encrypt that traffic.
What we have done
As soon as we were made aware of the issue we started updating the OpenSSL version used by our various systems and we replaced the SSL certificates that we were using.
As of now all of our systems have been patched and all of our SSL certificates have been replaced.
What you should do
We are not aware of any data having been compromised, but there is a possibility that some may have been. As a precaution, we recommend making the following changes:
If you are using SSL certificates for your sites there is a risk that your certificates have been compromised. So we recommend that you ask your certificate provider to re-issue your certificates and then open a ticket for us to replace your certificates with the new ones.
Once you have replaced your SSL certificate, you should consider that the data secured by your old SSL certificates may have been compromised. Change any passwords or other credentials that were encrypted by your old SSL certificates.
We recommend that you change your WebFaction control panel password. Although the WebFaction control panel wasn’t vulnerable (it uses a different version of the OpenSSL library), the SSL certificate that it uses may have been compromised because it was also used by other sites which were vulnerable. So there is a small possibility that some control panel passwords may have been compromised.
If you’re using phpMyAdmin or phpPgAdmin on our servers, you should change these passwords.
If you are using our email services we recommend that you change your email passwords.
This is the second post in an in-depth series on what’s included with your WebFaction account. In today’s installment, it’s time to take a look at email. Email’s easy to take for granted, but your account includes several email features that ought to make life with email a little easier. Let’s look at the highlights:
Spam filtering: We take broad measures to prevent spam from reaching your inbox, like rejecting mail from servers that are misconfigured or known to be operated by spammers. We also run SpamAssassin, an open source tool for detecting spam, to give a spam score to every incoming message. With the control panel you can choose how spam messages are handled: have them immediately discarded, have them put into a spam folder or, for advanced users, have them processed with custom filtering rules.
Automatic mail tools: Aside from spam detection, you can set up other ways to automatically deal with email. You can forward incoming messages to another address, or you can set up autoresponders to let people know when you can’t respond yourself. You can even choose to direct incoming messages to a script to process with your favorite programming language.
Many ways to get your mail: Once you’ve received mail, you have several ways to access it. You can configure your mail client to access mail stored on the server with IMAP, or to download mail with POP. To send mail, you can use SMTP. And if you don’t want to run a dedicated mail client, you can log in to WebFaction’s webmail interface.
Unlimited email addresses: Feel free to set up as many email addresses as you like. You can add addresses with the control panel, and you have the flexibility to have a single mailbox receive messages for multiple addresses. You can also receive as much mail as you like, provided you don’t exceed your account’s disk space limits.
With this set of features, email with WebFaction can be used in a variety of ways. Individuals can set up their favorite email client or use the webmail interface to exchange mail with friends and family or clients and colleagues. Likewise, your web applications can benefit from email communications, like sending welcome email or password reset messages.
We hope this post gives you a better idea of the mail capabilities of your WebFaction account. For more details, check out our mail documentation, and if you have any questions, join us in the Q&A Community.
Previously in the “Your WebFaction account” series: Servers
It’s time for another installment in our ongoing series about the one-click installers available with the control panel. Today’s look is at project management tools. Project management tools are handy for keeping up with the plans and changes of a software project. Project management tools offer features like version control browsers and ticket trackers. With the control panel, you can install two such tools: Trac and Redmine.
Trac has an impressive array of features, including a wiki, a ticket tracker, a roadmap and milestones tracker, and a whole-project timeline of recent activity (like version control changes and ticket updates).
WebFaction’s Trac installer comes in two variations: one for use with Git repositories and another for use with Subversion repositories. Make sure to choose the version that matches your version control repository. (A while back we blogged about adding Git support to our Trac installer).
Like Trac, Redmine offers a bunch of features, like a wiki, issue tracking, and time tracking.
Unlike the Trac installer, the Redmine installer doesn’t link directly to another repository application; you can configure repositories after Redmine is set up. It even supports multiple projects, with public and private permissions, if needed.
Django is a fun and handy Python web framework, so it’s not exactly a surprise that it’s one of our more popular one-click installers. Given that popularity, we’ve created a short screencast that shows you how to create a simple website with Django and a static media application:
The screencast demonstrates several common installation and configuration steps that most Django sites on WebFaction need, but it’s not comprehensive. Depending on your needs, some additional steps may be required. To learn more about setting up Django on WebFaction, see our Django documentation. If you have questions, join us in the Q&A community.
Today we’re excited to unveil the latest change to the WebFaction hosting service: a new design for the WebFaction control panel.
This new design is the most visible change, but under the hood it comes with a complete rewrite of the software powering the control panel. This new system should allow us to add new features more quickly.
As always, please let us know what you think in the comments. We’ve tried to work out all the bugs ahead of time, but there’s no substitute for the keen eye of our customers, so if you run into any problems, join us in the Q&A Community for help.
A database created with the control panel runs on your server’s shared database process. The shared server is more convenient than configuring your own and doesn’t count toward your account’s memory usage.
Different applications have different needs, so every WebFaction server supports both MySQL and PostgreSQL. MySQL is extremely popular and is used in several of our one-click installers, including WordPress and Drupal. PostgreSQL is growing in popularity and sports some exciting features, like procedural languages PL/Perl and PL/Tcl.
Once you’ve created your database of choice, it’s easy to connect to it and start storing data. Check out these documentation sections:
Although the shared database and the associated documentation are convenient, they’re not necessarily for everyone. That’s why we recently introduced a one-click installer for private MySQL and PostgreSQL instances. A private database is a good option if you’re facing problems with contention on the shared database or if you want to customize the database configuration.
And, of course, you can always set up and run a specialty database from your home directory on your own. For example, check out our instructions on installing MongoDB.
For more details, see the WebFaction User Guide page Databases. If you have any questions, let us know in the comments or join us in the Q&A community.