How to fix python SSL CERTIFICATE_VERIFY_FAILED

Here I explain how to fix Python SSL errors when trying to access DirectAdmin API using the https protocol in Python (e.g. by using the urllib, urllib2. httplib or requests). This error looks like:

    raise ApiError("HTTP Error: %s" % e.reason)
directadmin.api.ApiError: HTTP Error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

Server certificate verification by default has been introduced to Python recently in 2.7.9. This protects against man-in-the-middle attacks, and it makes the client sure that the server is indeed who it claims to be.

As a quick (and insecure) fix, you can turn certificate verification off, by:

1. Set PYTHONHTTPSVERIFY environment variable to 0. For example, run

export PYTHONHTTPSVERIFY=0
python your_script

or

PYTHONHTTPSVERIFY=0 python your_script

2. Alternatively, you can add this to your code before doing the https request

import os, ssl

if (not os.environ.get('PYTHONHTTPSVERIFY', '') and
    getattr(ssl, '_create_unverified_context', None)):
    ssl._create_default_https_context = ssl._create_unverified_context

DirectAdmin: Adding a DMARC record to help lower your spam score

What is DMARC?

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Who Can Use DMARC?

DMARC policies are published in the public Domain Name System (DNS), and available to everyone. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.

Continue reading “DirectAdmin: Adding a DMARC record to help lower your spam score”

DirectAdmin 1.53.1 Release Candidate 1

Hello,

We’re pleased to announce the 1.53.1 release candidate for DirectAdmin:

Version: 1.53.1 RC1

All features and fixes are listed here:
https://www.directadmin.com/versions…rsion=1.531000

If you find any issues, please reply here with reports (rather than tickets or email, unless requested) to avoid duplicate reports.

The biggest new feature will be the LetsEncrypt wildcard certificates.
NOTE: To use it, you must enable dns_ttl=1 for per-record TTL settings, or else the LE Wildcard checkbox won’t show up.

If all goes well, the full/stable release is slated for June 26th.

To download this version, please grab the pre-release binaries:
https://help.directadmin.com/item.php?id=408

John

Source: Official DirectAdmin Announcements

Enabling DNSSSEC on your DirectAdmin server

DNSSEC is a tool used to verify the validity of a dns lookup.
You can enable this feature in DirectAdmin 1.44.1 and newer by typing:

cd /usr/local/directadmin/scripts
./dnssec.sh install

After the command has been successfully executed. Please add the following to the ‘options { …. }’ section of your /etc/bind/named.conf.options:

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/bind/named.iscdlv.key";

which should confirm if your named.conf is set, and will enable the dnssec=1 in the directadmin.conf automatically. If the script thinks you’re missing anything from your named.conf, it will tell you what to add.

To enable DNSSEC on a domain, go to:
Admin Level -> DNS Admin -> prado.lt

1. Click “Generate Keys”
2. then click “Sign”

3. You should now see values at the bottom of the zone. Copy the 2 DS records, and paste them into your domain registrar’s website.

If you have any subdomains created as full domains, you’ll need to follow extra steps to continue the chain of trust up the line into the main domain’s zone. For normal subdomains created under a domain, no extra action is required, as they’re part of the domain’s normal zone.

Security & bug fix releases PHP 7.1.18, 7.2.6

Security & bug fix releases

http://php.net/ChangeLog-7.php#7.1.18

http://php.net/ChangeLog-7.php#7.2.6

The PHP development team announces the immediate availability of PHP 7.2.6. This is a primarily a bugfix release which includes a memory corruption fix for EXIF.

PHP 7.2 users are encouraged to upgrade to this version.
The PHP development team announces the immediate availability of PHP 7.1.18. All PHP 7.1 users are encouraged to upgrade to this version.

Security & bug fix releases PHP 5.6.36, 7.0.30, 7.1.17, 7.2.5

Security & bug fix releases

http://php.net/ChangeLog-5.php#5.6.36

http://php.net/ChangeLog-7.php#7.0.30

http://php.net/ChangeLog-7.php#7.1.17

http://php.net/ChangeLog-7.php#7.2.5

The PHP development team announces the immediate availability of PHP 7.2.5. This is a security release which also contains several minor bug fixes.

All PHP 7.2 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.30. This is a security release. Several security bugs have been fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.