Problems Getting SSL Working

So I’ve talked about my hosting provider before; their tech support isn’t the brightest crayon in the box.  Whatever issue I have with them, they don’t read what exactly I want.  Keyword analysis is great, guys; I did it when I worked phone support at Symantec.   What I didn’t do is misinterpret everything the customer said on every single issue.    If something isn’t working you have to fix it.

Warning for the non-geeks that read my site, this is about to get technical.

Let’s go back to the beginning and flash forward to present day.    In September I really wanted to implement SSL for the administration section of my blog – simple, easy, and secure.   The biggest reason for this was that the WordPress 2.7 series offered better support for SSL, so now was the time to implement it instead of hacking around with plugins for support.  This turned out to be not so simple.

Online I found my hosting provider is supposed to offer a server self-signed certificate, so I sent the following message to tech support:

Is there a shared server certificate for SSL that I can use for my wordpress installation?

Now I’m fast and willing to pick through things on my own, so before technical support could reply I added this second message to my brand new ticket.

I found the SSL manager in cpanel -

1.  Do you have instructions on properly generating your SSL key for use with
this (wording might be wrong – but how to configure this so I can use it with
my creeva.com domain)?

2.  Do you have instructions on using this with WordPress?

Simple and straightforward, I thought.    Here is what I got back:

Hello,

If you install the  shared SSL for the domain, you will be getting warning when
you take the site.

It is better to purchase SSL from third party godday.

Please check the link given below for installing SSL.
http://www.cpanel.net/support/docs/11/cpanel/sec_ssl.html

In case you have any more queries, please don’t hesitate to contact us with
all the required details. We’ll be happy to assist you further.

Let’s throw the little bit of broken English aside for a moment and break this down.  I am aware (of course they don’t know this) that I will be getting a certificate mismatch error when I log in to the SSL site.  Problem one I see is that they are sending me to a third party, yet they sell an SSL service – I find this odd, but GoDaddy (I’m assuming that was what he meant) is cheaper.  Good customer service?  Maybe.  The other problem is that he sent me the instructions for doing this in cPanel 11, all fine and good, but they have all of their customers on cPanel 10.  The instructions were similar and I followed them.   After implementing the changes I attempted to go to my website on HTTPS.   Firefox threw out the following message:

Secure Connection Failed

An error occurred during a connection to creeva.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

The page you are trying to view can not be shown because the authenticity of
the received data could not be verified.

* Please contact the web site owners to inform them of this problem.

I spent a day researching this message; BTW, Firefox’s documentation of the error message is terrible, which is why it took me a day instead of minutes.   Also, Firefox’s documentation is wrong, as I would find out later.  After a few days of trying to get this to work I gave up, wrote this off as a lost cause for the moment and focused on other things.

Flash forward to yesterday: I decided to reopen this ticket since again I wanted SSL.  I knew from experience that the shared certificate would not work properly, so I went and generated a free (valid) one from Instant SSL.  I wanted to do this before purchasing my own SSL certificate from GoDaddy, just to make sure everything was working properly.   I went through all of the steps and I got the same error message.  Well, I saved the thirteen dollars a valid certificate would have cost, but wasn’t any closer to my end goal of an encrypted WordPress administration section.  I still wanted this so I opened the original ticket back up (tech support hates that BTW) and added the following note:

I’m back to this again – I was considering buying SSL instead of using the
shared cert – but having applied a cert from Comodo – I’m getting the same
error in Firefox:

Secure Connection Failed

An error occurred during a connection to creeva.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

The page you are trying to view can not be shown because the authenticity of
the received data could not be verified.

* Please contact the web site owners to inform them of this problem.

If I try Internet Explorer it doesn’t even connect.

If I use DigiCert’s SSL checker – http://www.digicert.com/help/ – I get this:

DNS resolves ‘creeva.com’ to 69.4.229.212
No certificates were found.
Output from ‘openssl s_client’ command:
13127:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:585: CONNECTED(00000003

Now following GoDaddy’s instructions it seems I need access to cPanel WHM -
which is something from a shared hosting perspective I need you to implement.
Can I get this done – also I’m perfectly fine using a self-signed server
generated cert (which is what it currently is right now)

Since I’m not using a shopping cart and I’m only going to use SSL for
maintenance of WordPress, it’s perfectly fine for me to receive the security
exception warning in Firefox since it will not be a customer-facing error, I
only want the encryption side, not the non-repudiation side of SSL.

Also the instructions you sent me are for cPanel 11 – currently my account uses
cPanel 10 when I log in

For those technical people who understand what I’m trying to accomplish, am I unclear on this?  Please excuse my muddled use of non-repudiation.  Also, that stupid Firefox message I stated was vague; well, it seems the server wasn’t even completing the connection properly – stupid Firefox error messages.  This is the response I got back:

For installing a dedicated SSL certificate on your domain, you will have to
purchase a static IP (dedicated IP) for your domain. For that you need to
contact our billing department.
After obtaining a static IP, we will assign that IP to your domain. You can
upload your cert, key and CA bundle for the site to the server so that we
can install the cert for you.
Also please note that there will be some downtime for the site until the IP
change propagates globally.

Please confirm if you need a static IP for the domain, so that we can forward
this to the concerned department.

Now, what part of my message did they not understand?  I did state that I was perfectly fine with an error message and that I wanted to use the shared certificate.   I think I implied fairly well that I would prefer to use the shared certificate, that way I wouldn’t have to actually buy my own.    This is the problem you get into when you do keyword scanning; at least the first guy with broken English understood my question better.  My response:

Like I said in my previous e-mail – I do not need a static IP, nor do I need
a dedicated SSL certificate – I’m fine using the standard shared SSL
certificate – as was/is advertised online that all plans came with a shared
server SSL cert – that is what I would like to use and that is what is not
working.

Maybe they’ve finally understood my issue?

We are checking your query regarding shared SSL in detail. We will get back to
you with the updates soon.

Soon came about thirty minutes later:

After careful review of this ticket, we have decided that you could be better
assisted in another department within our company.

For this reason, we are transferring your ticket. Please expect a short period
of time where this ticket is not updated, as it is queued up at its
destination.

We make every effort possible to take care of every ticket as quickly as we
can. We will contact you shortly.

Thank you for understanding,

I was nice enough to leave off the names of their technical support staff.   What I don’t understand is why I have to go to another department – maybe I’m going to the server admins who actually make the changes?  Any time I have an issue it seems that I have to go through a lot of back and forth with the technical support team.   If you techies read my inquiries as unclear, please let me know.   As I get more information I’ll be updating the comments.

Grrrrrrrrrrrrrr

UPDATE – not often I get to update – it seems HTTPS is now working on my domains – well kind of.   I still have more configuration to complete on my side, but it is at least answering now.  Only took thirteen hours.
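The ssl_error_rx_record_too_long message quoted above, and the "unknown protocol" line from openssl s_client, both mean the same thing: the server answered the TLS ClientHello with something that is not a TLS record, typically a plain-HTTP response from a virtual host that has no SSL configuration on port 443. The browser reads the first five ASCII bytes as a TLS record header and gets an absurd length. The following added example (not code from the original post) classifies a server's first reply bytes the way the browser does, and builds a real ClientHello with Python's ssl module so the probe can be run against a host of your own; the constructed sample inputs in the test are assumptions.

```python
import socket
import ssl
import struct

# Largest TLS record a peer may send: 2^14 plaintext bytes plus 2048 bytes of
# expansion (TLS 1.2, RFC 5246 section 6.2.3). Firefox rejects anything bigger.
TLS_MAX_RECORD = 2**14 + 2048

def record_header(first_bytes):
    """Read the first 5 bytes the way a TLS client does: type, version, length."""
    return struct.unpack("!BHH", first_bytes[:5])

def classify_response(first_bytes):
    """Classify what a server on port 443 sent back in reply to a ClientHello."""
    if len(first_bytes) < 5:
        return "empty" if not first_bytes else "unknown"
    if first_bytes.startswith(b"HTTP/"):
        # Port 443 is served by a plain HTTP virtual host: the situation on this page.
        # "HTTP/" decodes as type 0x48, version 0x5454, length 0x502F = 20527 bytes.
        return "plaintext-http"
    rec_type, version, length = record_header(first_bytes)
    # 0x16 = handshake (ServerHello), 0x15 = alert; the version major byte is 3 for all TLS versions
    if rec_type in (0x15, 0x16) and (version >> 8) == 0x03 and length <= TLS_MAX_RECORD:
        return "tls"
    if length > TLS_MAX_RECORD:
        return "too-long"  # what Firefox reports as ssl_error_rx_record_too_long
    return "unknown"

def client_hello(host):
    """Produce a genuine ClientHello for `host` using the ssl module's memory BIOs (no network)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    sslobj = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        sslobj.do_handshake()
    except ssl.SSLWantReadError:
        pass  # handshake paused waiting for the ServerHello; the ClientHello is now in `outgoing`
    return outgoing.read()

def probe(host, port=443, timeout=5.0):
    """Connect, send a ClientHello and classify the first bytes the server returns."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify_response(sock.recv(5))

if __name__ == "__main__":
    import sys
    # Hypothetical usage: python probe443.py yourdomain.example
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "example.com"))
```

A result of "plaintext-http" or "too-long" means the fix is on the server side (the HTTPS virtual host is missing or was reset, as one of the comments below describes), not in the browser or certificate.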

  • creeva

    Well they had it so I could connect via SSL – but the SSL site wasn't linked correctly to the HTTP site – I updated the ticket with that information – now 30 minutes later the HTTPS stops working – grrrrrrr

  • creeva

    wanted to add – SSL is now working great

  • stephen

    haha, and now I'm here after googling to solve the ssl_error_rx_record_too_long error as I get it for all SSL sites… guess it is not going to be so easy…

  • creeva

    My thoughts – have you removed your root certificates from your browser? Have you tried a different browser? If it's still not working to any sites after trying a different browser – your ISP may be doing something strange upstream to your https traffic.

  • http://www.blueeyehosting.com Eric James

    I stumbled on this page while searching for a specific TLS error code… but since I'm here I figured I'd comment

    The simple answer to everything is ….You need to find a new host. As a Server Admin for a hosting company I'm amazed when I see blog after blog of things like this and the people (like you) just stay there anyway. Usually it's that people will put up with crappy support and techs that don't really speak or understand simple English because it's cheap. I'm not saying that this is why you stay there… but if it is or if price is a major factor on where you host… then in my opinion you really need to understand that you get what you pay for.

    That's my 2 cents

  • Chrisko

    What a great post! You are having exactly the same problem as I am, same error message and all. The only difference is the web admin has given me access to WHM (WebHost Manager), any pointers as to what I do now?

    Is it essential that I have a static IP also?

  • Chrisko

    Great post! Exactly what I was looking for, but I have access to Web Host Manager. Is there any information you could give me in order to get mine working? Having the same problem, have spent all day on it.

  • creeva

    I would say you need the full path to the directory on your server – email
    me at creeva (at) gmail.com and I can get a bit more in depth.

  • http://raamdev.com/ Raam Dev

    I found this post searching Google for “ssl_error_rx_record_too_long”. Here's my situation and how I eventually fixed it (I run my own web host, so I have access to WHM and cPanel):

    A customer purchased and installed a certificate through cPanel, however he did not realize that he needed a dedicated IP address.

    When I changed his domain to use a dedicated IP address, the SSL error “ssl_error_rx_record_too_long” was displayed in the browser when he tried accessing https://domain.com.

    The problem was that when changing the domain to use a dedicated IP through WHM, the Apache Virtual Hosts entry gets reset and no longer contains the configuration for the SSL certificate.

    The solution was for me to reinstall the certificate using WHM: “WHM -> SSL/TLS -> Install a SSL Certificate and Setup the Domain”, then enter the domain in the Domain field and press Tab. WHM should search for the existing SSL Certificate for that domain and upon finding it, fill out all the fields on the page. Then simply press Submit to reinstall the certificate on the new dedicated IP address. After doing this, everything worked fine.

    Hope this helps someone!

  • creeva

    I didn't realize that you needed a dedicated IP either (or use the long ass directory path which is what I do for my SSL side). So that's great information. Ironic that I understand the SSL handshake and the protocol but didn't grasp that more fully.

    The problem is the error is too ambiguous – so yes I do hope that your comment does help someone – thanks for leaving it.

  • http://www.majink.org/ majnoona

    You seem to be the only one in the whole internet who knows how to fix this — thank you for sharing! (now just need this to work it's way up to the first Google result ;-)