Posted on

How to fix python SSL CERTIFICATE_VERIFY_FAILED

Here I explain how to fix Python SSL errors when trying to access DirectAdmin API using the https protocol in Python (e.g. by using the urllib, urllib2. httplib or requests). This error looks like:

    raise ApiError("HTTP Error: %s" % e.reason)
directadmin.api.ApiError: HTTP Error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

Server certificate verification by default has been introduced to Python recently in 2.7.9. This protects against man-in-the-middle attacks, and it makes the client sure that the server is indeed who it claims to be.

As a quick (and insecure) fix, you can turn certificate verification off, by:

1. Set PYTHONHTTPSVERIFY environment variable to 0. For example, run

export PYTHONHTTPSVERIFY=0
python your_script

or

PYTHONHTTPSVERIFY=0 python your_script

2. Alternatively, you can add this to your code before doing the https request

import os, ssl

if (not os.environ.get('PYTHONHTTPSVERIFY', '') and
    getattr(ssl, '_create_unverified_context', None)):
    ssl._create_default_https_context = ssl._create_unverified_context
Posted on

How to migrate from PHP 7.0 to PHP 7.2 – Ubuntu & Debian

How to migrate from PHP 7.0 to PHP 7.2 in five minutes.

1. Add PPA ondrej/php

We use Ondřej Surý’s awesome PHP PPA. It already has PHP 7.2, so we’ll add the PPA and update the package information.

Ubuntu

add-apt-repository ppa:ondrej/php
apt-get update

Debian

apt install apt-transport-https lsb-release ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
apt-get update

2. Current PHP packages

This only applies if you are upgrading from a previous version. Note down the current PHP packages you have, so we can reinstall them for PHP 7.2.

dpkg -l | grep php | tee packages.txt

This will save your current packages to packages.txt file in your working directory.

3. Install PHP 7.2

apt-get install php7.2 php7.2-common php7.2-cli php7.2-fpm

This will install the bare basic packages you’d need to get started with PHP 7.2. Note that php7.2-fpm package is used for your web server integration. If you are using Apache with prefork MPM (type apachectl -V to see the MPM used), you’d need to install libapache2-mod-php7.2 instead of php7.2-fpm.

4. Install additional modules

Take a look at the packages.txt file we created at step 2, and install the additional PHP packages. Your packages.txt file will show packages such as php7.0-mbstring, and you need to install their PHP 7.2 counterpart (php7.2-mbstring for example).

You can generate a command that can be run later using this line.

apt-get install $(cat packages.txt | awk '{ apt-get install gsub("7.0", "7.2", $2); print $2 }' | tr '\n' ' ' | sed 's/php7.2-mcrypt //g')

5. Web server configuration

Apache with php-fpm

Before we remove the old PHP packages, make sure that your web server correctly uses the PHP 7.2 sockets/modules. If you installed php7.2-fpm above, and using Apache, a2enconf php7.2 will make Apache use PHP 7.2 FPM. Type a2disconf php7.0-fpm to disable existing FPM configurations.

Apache with mod_php

You can disable the current PHP integration with a2dismod php7.0 (or your current version) and enable new PHP 7.2 module with a2enmod php7.2.

6. Remove old versions

If everything is working well (check your phpinfo() and php -i), you can remove the old packages:

apt-get purge php7.0*

Of course, change php7.0 with all old versions you no longer need.

Enjoy your shiny new PHP 7.2!

Posted on

How to avoid landing page redirects

Your page has 1 redirects. Redirects introduce additional delays before the page can be loaded.

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]

If instead of example.com you want the default URL to be www.example.com, then simply change the third and the fifth lines:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]
Posted on

DirectAdmin: Adding a DMARC record to help lower your spam score

What is DMARC?

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Who Can Use DMARC?

DMARC policies are published in the public Domain Name System (DNS), and available to everyone. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.

Continue reading “DirectAdmin: Adding a DMARC record to help lower your spam score”