On DNS and SSL
Nov 11, 2019 02:19am

Posts: 1
Likes: 0
I don't have too much experience in host managing, so I was having problems setting up my website. I use Google as my domain registrar and I very much like to manage it from there. As I was trying to set up my SSL, I came across a couple of issues, but I was able to solve them; perhaps my solution can be of help.

CloudFlare explains DNS (https://www.cloudflare.com/learning/dns/what-is-dns/); basically it is the way the "internet" can point a hostname to an IP. I found this to be very important because it is by DNS software that the nameservers redirect the traffic in the data center through DNS records. A nameserver is just a server with DNS software installed; tying the two together is what allows a website to get online. A typical stream would start by you purchasing a domain name from a registrar such as Google. Once you own that domain, your web host must store its information within the DNS records to serve it up when the domain is entered.

There are a few different types of DNS records. Typically, all you need to do is update the nameserver, but knowing the different types of records can help if you need to change something down the line (https://en.wikipedia.org/wiki/List_of_DNS_record_types). For now just two are important:

- A Record: stands for address record, this points a domain to an IP.
- CNAME Record: stands for canonical name, this points one domain to another.

For example:

--@------A----1m--142.176.43.12 -> (@ stands for root/myDomain.tld)
-www--CNAME-1m--myDomain.tld

Now, SSL (https://en.wikipedia.org/wiki/Transport_Layer_Security) stands for Secure Sockets Layer, a global standard security technology that enables encrypted communication between a web browser and a web server (which is now superseded by TLS). To create this secure connection, an SSL/TLS certificate is installed on a web server and serves two functions:

- It authenticates the identity of the website (this guarantees visitors that they’re not on a bogus site).
- It encrypts the data that’s being transmitted.

There are different types of SSL/TLS certificates:
- Single: secures one fully-qualified domain name or subdomain name.
- Wildcard: covers one domain name and an unlimited number of its subdomains.
- Multi-Domain: secures multiple domain names.
and the level of validation needed, such as:
- Domain Validation: covers basic encryption and verification of the ownership of the domain name registration. This type of certificate usually takes a few minutes to several hours to receive.
- Organization Validation: in addition to basic encryption and verification of ownership of the domain name registration, certain details of the owner (e.g., name and address) are authenticated. This type of certificate usually takes a few hours to several days to receive.
- Extended Validation (EV): this provides the highest degree of security because of the thorough examination that is conducted before this certificate is issued (and as strictly specified in guidelines set by the SSL certification industry’s governing consortium). In addition to ownership of the domain name registration and entity authentication, the legal, physical and operational existence of the entity is verified. This type of certificate usually takes a few days to several weeks to receive.

Sounds like a lot of nonsense, but I think it is important to understand how it works in order to solve it. I just changed my account to a cPanel control, but DirectAdmin has basically the same functionalities.

Hostkoala generates DNS records automatically: Dashboard /Zone Editor//Manage Zone
and provides free SSL: Dashboard /Let's Encrypt™ SSL/ myDomain.tld/Issue

Hostkoala can also self-sign a new certificate, but this causes many websites to count the certificate as unsafe. If this is the case, uninstall the current certificate and issue a new one in the Dashboard /Let's Encrypt™ SSL section.
If the nameservers are not correctly set up, the SSL/TLS will not be validated. On your domain registrar, replace the defaults with the Hostkoala nameservers; otherwise you will have to create the correct DNS records (on your domain registrar) as shown in the Dashboard /Zone Editor//Manage Zone section. After changes are made, issue the SSL/TLS certificate again.

Works just fine.
roramigator
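
An added example, not part of the original post and not Hostkoala's tooling: a small offline check in Python that the records entered at the registrar make every name on the certificate reach the host's IP before the certificate is issued again. It reuses the post's sample domain and address as test data; the function names and the four-column `name type ttl value` input format are assumptions of this example.

```python
# Added example. Domain, IP and records are the post's sample values reused as test data.
SAMPLE_ZONE = """
@    A      1m  142.176.43.12
www  CNAME  1m  myDomain.tld
"""

def parse_records(text, origin):
    """Parse 'name type ttl value' lines into {fqdn: (type, value)}."""
    origin = origin.rstrip(".").lower()

    def fqdn(name):
        name = name.lower()
        if name == "@":
            return origin
        # Already absolute, or written as the full domain like the post's CNAME target.
        if name.endswith(".") or name == origin or name.endswith("." + origin):
            return name.rstrip(".")
        return f"{name}.{origin}"              # relative label such as "www"

    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # ignore comments and blank lines
        if not line:
            continue
        name, rtype, _ttl, value = line.split()
        rtype = rtype.upper()
        records[fqdn(name)] = (rtype, fqdn(value) if rtype == "CNAME" else value)
    return records

def resolve(records, name, max_hops=8):
    """Follow CNAMEs inside the record set; return the final A value or None."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):                  # hop limit guards against CNAME loops
        rtype, value = records.get(name, (None, None))
        if rtype != "CNAME":
            return value if rtype == "A" else None
        name = value
    return None

def check_before_issue(zone_text, origin, host_ip, names):
    """Return {name: problem} for each certificate name that does not reach host_ip."""
    records = parse_records(zone_text, origin)
    problems = {}
    for name in names:
        ip = resolve(records, name)
        if ip != host_ip:
            problems[name] = f"points to {ip}, not {host_ip}" if ip else "no A record reachable"
    return problems
```

An empty result from `check_before_issue` means every listed name ends on the host's address; any entry in the result names a record to correct at the registrar first.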

Nov 22, 2019 11:23am

Posts: 8
Likes: 0
That's very useful information.

It's also important to note that if someone uses CloudFlare DNS instead of our own, he/she will need to use CloudFlare's SSL instead of our own built-in SSL.
Trying to help everyone I can :)