organizations certificate has been revoked - SSL BROWSER ERROR

June 10th, 2008

So, you installed a cert… all appears fine… but, now in IE7, you are getting the following ERROR:

“This organization’s certificate has been revoked.”

But, you don’t believe that its really a revoked cert ?

Ok, do the following:

Go to Tools - Internet Options - Advanced.
Scroll down to Security.
Remove the two check marks beside the settings to do with revoked certificates.
Click on Apply.
Exit IE7.
Open IE7 and try the site again.

If the SSL site now works without any warnings, then you know that the certificatess has been revoked.

Contact the SSL issuer about why the SSL CERT was revoked.

E-Mail Forwarding Off Network Issues

May 19th, 2008

Listen Now! - Robert Mandrake discusses E-Mail Forwarders, and how setting them up to forward email off network is a bad thing.

Ok, this is the NEW ONE

NEXT

Networksolutions.com is registering domains when you check for domain availability…

March 3rd, 2008

Here we go again… in this unregulated internet that we live in… its like the wild west…

So, you go to www.networksolutions.com, and you check to see if a domain name is available… sure, everyone has done it… they are the biggest… they were the first… the godfathers of domain name registrations… oh yea, and they havent always been known to be the kindest when it comes to doing business with the little guys…

well, here we go again… if you thought you had heard everything… now, netsol is going to “temporarily reserve” your domain name if they feel like it for up to 4 days… just for checking to see if the domain name is available… here is the link to the policy, including the pertinent information:

http://www.networksolutions.com/legal/legal-notice.jsp
Use of our Web site search tools to search for the availability of domain names is subject to our customer protection measure, which may result in the searched domain names being temporarily reserved and available for registration only at NetworkSolutions.com for up to 4 days. When the reservation period ends, the domain name will be released back to the registry and will be available for registration through any registrar. If you wish to remove the reserved status of a domain name for which you searched, please contact customer service at 1-800-333-7680 for assistance. To read more about our customer protection measure, please click on the following link (or cut and paste it into your browser): http://about-networksolutions.com/customer-protection-measure.php

Am I the only one who has a problem with this ???

ManDrake

cgi scripts not working - getting 404 page not found error

September 27th, 2007

ok, as you know,

if a perl script is written incorrectly, the error that your browser should show is: Internal Server Error.

So, if you are getting a 404 page not found error on a perl / cgi script…

the problem is going to be one of the following:

1. wrong permissions on the file - cgi scripts must be chmod 755

2. cgi not checked in modify account in WHM

3. httpd.conf virtual host entry may be missing the ScriptAlias entry for cgi-bin - so the server would be trying to use the system cgi-bin instead of the one in the account’s public_html directory.

www.NoMonthlyFees.com - SSL Certs that need CA Bundle

August 28th, 2007

Make sure that you always install the CA BUNDLE when setting up a CERT if it was bought from www.NoMonthlyFees.com

—–BEGIN CERTIFICATE—–
MIIETzCCAzegAwIBAgIQHM5EYpUZep1jUvnyI6m2mDANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
SGFyZHdhcmUwHhcNMDUwNjA3MDgwOTEwWhcNMTkwNzA5MTgxOTIyWjBvMQswCQYD
VQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0
IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5h
bCBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/caM+by
AAQtOeBOW+0fvGwPzbX6I7bO3psRM5ekKUx9k5+9SryT7QMa44/P5W1QWtaXKZRa
gLBJetsulf24yr83OC0ePpFBrXBWx/BPP+gynnTKyJBU6cZfD3idmkA8Dqxhql4U
j56HoWpQ3NeaTq8Fs6ZxlJxxs1BgCscTnTgHhgKo6ahpJhiQq0ywTyOrOk+E2N/O
n+Fpb7vXQtdrROTHre5tQV9yWnEIN7N5ZaRZoJQ39wAvDcKSctrQOHLbFKhFxF0q
fbe01sTurM0TRLfJK91DACX6YblpalgjEbenM49WdVn1zSnXRrcKK2W200JvFbK4
e/vv6V1T1TRaJwIDAQABo4G9MIG6MB8GA1UdIwQYMBaAFKFyXyYbKJhDlV0HN9WF
lp1L0sNFMB0GA1UdDgQWBBStvZh6NLQm9/rEJlTvA73gJMtUGjAOBgNVHQ8BAf8E
BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAQIwRAYDVR0f
BD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmly
c3QtSGFyZHdhcmUuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQByQhANOs4kClrwF8BW
onvUOGCSjRK52zYZgDXYNjDtmr5rJ6NyPFDNn+JxkLpjYetIFMTbSRe679Bt8m7a
gIAoQYFQtxMuyLnJegB2aEbQiIxh/tC21UcFF7ktdnDoTlA6w3pLuvunaI84Of3o
2YBrhzkTbCfaYk5JRlTpudW9DkUkHBsyx3nknPKnplkIGaK0jgn8E0n+SFabYaHk
I9LroYT/+JtLefh9lgBdAgVv0UPbzoGfuDsrk/Zh+UrgbLFpHoVnElhzbkh64Z0X
OGaJunQc68cCZu5HTn/aK7fBGMcVflRCXLVEQpU9PIAdGA8Ynvg684t8GMaKsRl1
jIGZ
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIE0TCCA7mgAwIBAgIQCx/lLJIzxLB48bhxFnxkhzANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTA2MDExOTAwMDAwMFoXDTE5MDcwOTE4MTkyMlow
XDELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHlNlY3VyZSBCdXNpbmVzcyBTZXJ2aWNl
cywgSW5jLjEkMCIGA1UEAxMbU2VjdXJlIEJ1c2luZXNzIFNlcnZpY2VzIENBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiQCbVxzRHQHNBMg9P0+cIr8
ABqNGGF2IP1JV69NoLGg/0ItoOFGmp8gSvpO2L4PSbPh+G8tfOSSO1YrdNCwrn5x
3z/1yudxVnmU1Bjw7Lhewmg0zhXQwyA/IpWIm+jm0aQWZEWsqKvYva3sY4ld4rFY
PAjBhmtU1HeKgC/BH70/el5HZDn+2+9Rz1vH2W6oKuWUx7lUNh/TRy7bDBkhkHsM
EICqntSn1H1vFf040cPdJSQydI/gzIWkm0pTn504UWIN+SRbo65J+7EoCMp8g4CB
yW2lRNZzJRNXFESp8pPAAgFDh4UxDiiWX8DQp1jVJ0fC4i895Lw1IB14YwLxsQID
AQABo4IBejCCAXYwHQYDVR0OBBYEFDiWWigtX0Mkl/XU+Y87hyXQya+2MA4GA1Ud
DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYB
BAGyMQECAgowewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu
Y29tb2RvLm5ldC9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBhgYIKwYBBQUH
AQEEejB4MDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9BZGRU
cnVzdFVUTlNlcnZlckNBLmNydDA5BggrBgEFBQcwAoYtaHR0cDovL2NydC5jb21v
ZG8ubmV0L0FkZFRydXN0VVROU2VydmVyQ0EuY3J0MBEGCWCGSAGG+EIBAQQEAwIC
BDANBgkqhkiG9w0BAQUFAAOCAQEAGk8tzcltvwhtKN+iJ+LMy61NSkvoakZ64SgI
Gb4Oqee+GY3InvbjHtonk7CLh5aXa7KKwTDjq+m1RNTYOYQ9RBACwDyHtyfV2pCv
Z0y6EeH2jOCyFaV8CjAiotJfePFwrvx5lskvSJxVC00ZeJLl6tysWC1utyvKK020
x1VO37ULlS4QFwDf162iLRIf1gCELZx7difEXpCCxegaTc5ILNNzkQ3EmsW3/BEU
ganGTr8ilY4z+xhQiSwSt6mEH59KocqCoTS93VC62n1QkLlQ2B64Wp2zTZmwpRfo
gNCukPCuzm0Htc+MVWW4Mf6GO1IZFxnjBfro5099kL+EJNvB/g==
—–END CERTIFICATE—–

Problems with GODADDY SSL Certs - browser giving warning

August 2nd, 2007

If you are using a GODADDY SSL CERT, you may be getting a warning when you use some browsers such as Firefox or Netscape… the warning would say something like:
Unknown error, or not trusted, etc

You will need to download their their chain file, here is what how to do that:
wget https://certificates.godaddy.com/repository/gd_intermediate_bundle.crt

Next, you can configure apache to recognize the CA CHAIN FILE… by adding the THIRD LINE below:

SSLCertificateFile /usr/share/ssl/certs/nomonthlyfees.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/nomonthlyfees.com.key
SSLCertificateChainFile /usr/share/ssl/certs/gd_intermediate_bundle.crt

the first two lines should already be in the httpd.conf file… just add the last line.

Restart apache!

Best Practices - Mailing Lists

July 31st, 2007

Mailing lists are great, they are powerful, and when used correctly can be very beneficial to your website.

BUT, what you don’t want is a member of your mailing list to accuse you of spamming.

Here is the very best way of protecting yourself from being falsely accused of spamming to your own OPT IN email list:

Every single piece of email that you ever send to your Mailing List MUST contain the following:

1. First and most important is the statement that explains why they are getting the email.
So, if you are nomonthlyfees.com and you sell web hosting, and you are contacting your client base about a new product you think they may be interested in, you would include something like:
“You are receiving this message because you have subscribed to NoMonthlyFees.com’s Web Hosting Service.”

2. The Second most important statement is the EMAIL address that is subscribed. The worst thing you can do is send out an email to a Mailing List and not put down what email address the recipient is subscribed as. So, the next item should state:
“You are subscribed as: WebHost@NoMonthlyFees.com.”

3. The last and equally as important is the UNSUBSCRIBE instructions. If you don’t have UNSUBSCRIBE instructions in every single email, you will get tagged as a spammer. So, the next item should state:
“To unsubscribe from NoMonthlyFees.com Mailing List, please use the following links instead of replying to this email.”
And then of course provide the unsubscribe links. Failing to make unsubscribe process automatic for the customer will never be good. People are wary of emailing someone they already think is a spammer, as that was a tactic used by early spammers.

So, just to SUMMARIZE, make sure that every single piece of Mail that is sent to your MAILING LISTS has all of the following:

1. A statement that explains why they are getting the email.
2. A statement that clearly states which EMAIL address is subscribed.
3. A statement that clearly states how to unsubscribe quickly and easily.

Follow these best practices and you should stay out of trouble.

HERE IS AN EXAMPLE of what it would look like in an actual EMAIL

You are receiving this message because you have subscribed to NoMonthlyFees.com’s Web Hosting Service. We periodically send emails to keep you informed of changes to our service, invoices due, and occasionally we will send you an advertisement.

You are subscribed as: WebHost@NoMonthlyFees.com

To unsubscribe from NoMonthlyFees.com Mailing List, please use the following links instead of replying to this email.
Unsubscribe Link

watch out for www on SSL Certs

July 31st, 2007

Ok, with normal domains and browsing, you should be able to type in anywebsite with or without the www.
So, nomonthlyfees.com is the same as www.nomonthlyfees.com

BUT, if you are working in SSL this is not the case.
Because an SSL Cert has to be attached to a specific domain and NOT a domain ALIAS (which is was www.nomonthlyfees.com actually is), you have to choose which way you want to access your SSL server.

If you want to access your sites SSL with the www., then you must specify that when you are setting up the cert with your web host.

Sometimes the SSL will still work for the domain alias, but you will get ERRORS from the web browser and your site visitors wont like it.

So pay attention when dealing with SSL.

cgi scripts not working in SSL

July 30th, 2007

cgi scripts were not working in SSL, yet they worked when you ran them in normal http mode.

So, I tested to see if the SSL working by itself…

Yes, just running https://NoMonthlyFees.com totally worked…

but, when I tried to run a perl cgi test script out of the cgi-bin, it just stopped working…

so, I checked the httpd.conf and found the problem.

PROBLEM was: there was no cgi-bin ScripAlias setup for the SSL portion of the httpd.conf entry…

so, I went in, and added the line:

ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/

restarted http, and boom, it worked.