Wildcard Let’s Encrypt certificates now available

Let’s Encrypt recently started offering wildcard SSL certificates that work with any subdomain, without forcing you to get a new SSL certificate every time you change the hostnames you use.

If we host your site’s DNS nameservers (which is true for almost all of our hosting customers), we can now automatically provide you with a wildcard certificate, for free. We’ve already updated every existing Let’s Encrypt certificate to be a wildcard wherever possible.

If you’re still paying GoDaddy $349.99 a year for a wildcard SSL certificate, or paying Network Solutions $579 a year for it, now might be a good time to switch to our service. 😉 (In the last week, we’ve provided several million dollars worth of wildcard certificates to our customers even at GoDaddy’s introductory prices. You’re welcome!)

We’re using Let’s Encrypt wildcard certificates ourselves, too

We’re now also using these certificates on everything related to our own services, too, including our website, blog, FTP servers, and mail servers.

Almost all customers shouldn’t notice any change, but if you use secure connections with old or unusual programs that don’t handle SSL connections properly, you might be asked to “accept” the new certificate.

Read the rest of this entry »

PHP 7.2 series now available

We’re now providing support for PHP 7.2 (in addition to the 5.6, 7.0 and 7.1 series), so PHP 7.2.4 is available in our control panel.

We believe it’s stable (it’s used for the blog you’re reading now), but we don’t yet recommend it for most customers. It’s fairly new and some third-party scripts are not yet compatible with it. If you want to try it anyway:

  1. First, update your site’s PHP scripts, including WordPress, Joomla, any plugins or themes you use, and so on
  2. Login to our My Account control panel
  3. Click PHP Settings
  4. Click PHP 7.2 series
  5. Click Save Settings

After updating, test your site carefully to make sure there aren’t any problems.

By the way, if all this seems confusing, we have a page explaining more about PHP versions and updates.

PHP 7.1 is now the default for new accounts

The somewhat older PHP 7.1 series has been out long enough that all modern script software should be compatible with it. Because of that, we’re making PHP 7.1 the default for new customers.

We haven’t changed the version for any existing accounts, but we recommend that all customers use at least PHP 7.1 if possible (the instructions above explain how to choose the version your site uses). PHP 7.1 is slightly faster than PHP 7.0 and almost twice as fast as PHP 5. If you care about your site’s speed (and you should), always use the newest version of PHP that’s compatible with your scripts.

PHP 5.6.35, 7.0.29 and 7.1.16

The PHP developers recently released versions 5.6.35, 7.0.29 and 7.1.16 that fix several bugs. We’ve upgraded the PHP 5.6, 7.0 and 7.1 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

Protection against critical Drupal security bug SA-CORE-2018-002

The authors of the Drupal CMS software today announced a “highly critical” Drupal security bug (SA-CORE-2018-002).

This vulnerability is likely to be widely exploited soon. If you use Drupal 6, 7 or 8 without updating it, your site will be compromised (taken over by “hackers”).

To protect our customers who have installed Drupal, we have “patched” the vulnerable files on every copy of Drupal on our servers, blocking the attacks that we expect to see in the future. We used these patches:

So our customers are protected against this particular problem. But that doesn’t mean you shouldn’t upgrade Drupal: older versions also have other security bugs. If you’ve installed the Drupal software on your site, please make absolutely sure you’ve upgraded to the latest version today.

PHP 5.6.34, 7.0.28 and 7.1.15; Perl 5.20 (completed)

Update 4:30 PM Pacific time March 25: The changes described below have been deployed on all servers.

The PHP developers recently released versions 5.6.34, 7.0.28 and 7.1.15 that fix several bugs. Over the next couple of days, we’ll be upgrading the PHP 5.6, 7.0 and 7.1 series on our servers as a result.

In addition, we’ll be upgrading the less-commonly used Perl scripting language from version 5.14 to 5.20 at the same time. (These need to be updated simultaneously because of shared “dependencies” on certain software libraries.)

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

Scheduled maintenance March 9 & 10, 2018 for some servers (completed)

Update 11:55 PM Pacific time: The maintenance described below was completed successfully and all services are running normally.

Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 7 (codename “wheezy”) to version 8 (codename “jessie”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.

The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any server should not exceed ten minutes during this three hour period.

Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.

This coming weekend, we’ll be updating some (not all) web servers:

  • Friday, March 9, 9:00-11:59 PM Pacific: servers ending in digit “2” (completed)
  • Saturday, March 10, 9:00-11:59 PM Pacific: servers ending in digit “1” (completed)

So, for example, the “web12” server will be updated on March 9, and the “web01” server will be updated on March 10. This page explains how to find which server a site is on.

(Servers ending with other digits have already been updated in maintenance in previous weeks. This will complete the upgrades.)

Although the final step of the upgrade modifies hundreds of software packages on the server, we have tested it extensively don’t expect most customers to notice any change. Your website and email should continue working as they always have. However, if you do have any trouble, don’t hesitate to contact us.

Scheduled maintenance March 2 & 3, 2018 for some servers (completed)

Update 11:18 PM Pacific time: The maintenance described below was completed successfully and all services are running normally.

Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 7 (codename “wheezy”) to version 8 (codename “jessie”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.

The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any server should not exceed ten minutes during this three hour period.

Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.

This coming weekend, we’ll be updating some (not all) web servers:

  • Friday, March 2, 9:00-11:59 PM Pacific: servers ending in digits “6” and “5” (completed)
  • Saturday, March 3, 9:00-11:59 PM Pacific: servers ending in digits “4” and “3” (completed)

So, for example, the “web06” server will be updated on March 2, and the “web13” server will be updated on March 4. This page explains how to find which server a site is on.

(Servers ending in “0”, “9”, “8” and “7” have already been updated. Servers ending in “2” and “1” will be updated the following weekend; we’ll post a separate announcement about that.)

Although the final step of the upgrade modifies hundreds of software packages on the server, we have tested it extensively don’t expect most customers to notice any change. Your website and email should continue working as they always have. However, if you do have any trouble, don’t hesitate to contact us.

Scheduled maintenance February 23 & 24, 2018 for some servers (completed)

Update 11:18 PM Pacific time: The maintenance described below was completed successfully.

Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 7 (codename “wheezy”) to version 8 (codename “jessie”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.

The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any server should not exceed ten minutes during this three hour period.

Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.

This coming weekend, we’ll be updating some (not all) web servers:

  • Friday, February 23, 9:00-11:59 PM Pacific: servers ending in digits “0” and “9” (completed)
  • Saturday, February 24, 9:00-11:59 PM Pacific: servers ending in digits “8” and “7” (completed)

So, for example, the “web10” server will be updated on February 23, and the “web07” server will be updated on February 24. This page explains how to find which server a site is on.

(Additional servers will be updated the following weekends; we’ll post separate announcements about that.)

Although the final step of the upgrade modifies hundreds of software packages on the server, we have tested it extensively don’t expect most customers to notice any change. Your website and email should continue working as they always have. However, if you do have any trouble, don’t hesitate to contact us.

All copies of WordPress 4.9.3 updated to 4.9.4

One of the nice things about WordPress is that it automatically updates itself for important security and bug fixes. For example, if you installed WordPress 4.9.1, it would have automatically updated itself to version 4.9.2 on January 16, and to version 4.9.3 on February 5.

Unfortunately, WordPress 4.9.3 has a bug that prevents it from automatically updating itself to later versions. It needs to be manually updated to version 4.9.4 or later.

The WordPress 4.9.3 to 4.9.4 update is trivial (it fixes only this bug, after which automatic updates will work again), so we’ve updated every customer copy of WordPress 4.9.3 on our servers to version 4.9.4, just as if it had happened automatically.

Customers should not notice any change as a result of this — but as always, don’t hesitate to contact us if you have any trouble.

You can now set the default script sender address

If you install a script that sends mail, that script should let you choose the address it sends from. Unfortunately, some scripts don’t offer that feature, instead using a default sender address that on our systems looked like “From: example.com@tigertech.net” until now.

The inability of these scripts to specify a sender address has become more of a problem as email reputation and security systems like DKIM are deployed.

To help with this, we’ve enhanced our email system to allow you to specify the sender address these scripts use. The “How can I change the default address?” section of our page about script addresses has more details.

By the way, if you use a script like this and you don’t choose an address, it will default to the slightly different “From: example.com@tigertech-hosted-site.net” from now on. But we recommend that anyone who uses these kinds of scripts choose a real address instead, which will ensure other people see only your own domain name.