You may be reading this after reading my guide here https://fearby.com/article/adding-a-commercial-ssl-certificate-to-a-digital-ocean-vm
Related Guide: How to buy a new domain and SSL cert from NameCheap, a Server from Digital Ocean and configure it.
Having strong SSL and security is a constant battle. Recently a bug OpenSSL Padding Oracle vulnerability (CVE-2016-2107) in OpenSSL. More information here.
You can check your websites SSL security here https://www.ssllabs.com/ssltest/ and this this tool https://filippo.io/CVE-2016-2107/.
Hopefully you do not see this:
How to Fix (1/2) – Update Misc.
sudo apt-get update sudo apt-get dist-upgrade
How to Fix (2/2) – Manual Update OpenSSL
Head on over to ftp://ftp.openssl.org/source/ and check the filename of the latest update.
Run the following commands in a terminal.
wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz tar -xvzf openssl-1.0.1g.tar.gz cd openssl-1.0.1g ./config --prefix=/usr/ make sudo make install
You can verify you are running the latest OpenSSL by typing:
root@yourdomain:~/temp/openssl-1.0.2h# openssl version OpenSSL 1.0.2h 3 May 2016
You may also need to restart your web server:
sudo service nginx restart
Review more security advice here: https://wiki.ubuntu.com/Security/Upgrades
Re test your website with https://filippo.io/CVE-2016-2107/.
Security
Cheap may not be good (hosting or DIY), do check your website often in https://www.shodan.io and see if it has open software or is known to hackers.
I hope this helps.
Donate and make this blog better
Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]