rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_green
icon_orange
icon_red
icon_green
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#13667 — FS#18027 — Activation of protocole HTTPS

Attached to Project— Hosting
Modernization
all (Plan hostings)
CLOSED
100%
As you know, OVH, is very conscious about security and privacy. That's why when Let's encrypt was launched, we decided to support this initiative so that many sites can deploy HTTPS.

With millions of sites hosted with us, we realize that we can play an important role in generalizing encryption on the Internet. So we wondered how we could have the highest impact! We could offer the free activation of protocole HTTPS on websites by a button in the customer area. But it was not simple enough for us.

So we chose to enable HTTPS and encrypt communications to all sites of our web hosting. All. Without exception. Including the existing sites.

We have now generated a certificate for 95% of the web hosting accounts that we manage (it shows on graphs Let's encrypt since early May: https://letsencrypt.org/stats/). We have a few cases to handle on our 1.5 million accounts, but it is very likely that your web hosting already has a certificate.

On our side, we had to change some pieces of our infrastructure because quantifying the flow of millions of sites is not an easy task to do. For this reason, we used a new load balancing brick that is able to manage all the encrypted stream. If you want to try, we propose the beta for a few days.

We are deploying this new load balancing brick instead of our old load balancers. It takes us some time to ensure that the service continues to be provided without flaws. Currently, four clusters have already gone on the new load balancer:

cluster012 (1000gp)
cluster013 (20gp)
cluster002 (90plan)
cluster007 (xxlplan)

You can see the cluster of your web hosting on your account in the "Access to the cluster" fields. Other clusters will all be migrated in the coming days. We will indicate clusters deployed in this work task.

So if you are concerned by any of these four clusters, how to obtain HTTPS?

Handling is not required, it is already activated!
Simply add the "s" in https in your URL and it's good.

Please note that it is possible that the code of your site is not fully compatible with HTTPS. In this case, we have written a guide indicating the main concerns to be addressed: https://www.ovh.com/us/g2220.avoid_the_common_pitfalls_of_making_your_website_secure_with_ssl

As you wished you asked the fewest questions, all of your multi-site are a HTTPS. The certificate from your site includes all sites that you make available from your web hosting account. Still nothing to do.

Finally, for those who already have an SSL, we will offer other types of certificates and within a few days and you will be migrated to the new certificates. We will keep you informed shortly.

We also have CDN compatible with SSL in pipes. We still have a little work to do before offering it properly, but we will get there.

Regards,
The Web Hosting team
Date:  Tuesday, 20 September 2016, 09:09AM
Reason for closing:  Done
Comment by OVH - Tuesday, 14 June 2016, 18:43PM

Many of you tell us that your site in HTTPS returns you the error "Your connection is not secure."
This happens when you do not have an active SSL certificate on your site. This happens in many cases:

- Make sure your site is on one of the 4 clusters deployed (cluster012, cluster013, cluster002 or cluster007).
- If this is the case, make sure you do not have a CDN on your offer. The CDN is not yet compatible with SSL.
- If this is the case, make sure your domain is pointing to the IP address of your web hosting. The IP of your web hosting is in your account, in the "IPv4" field.
- If it's still the case, it may be that your certificate is not yet generated and it is within the 5% of certificates that are being generated. Do not worry, this is in progress and all certificates should be available next week.

Feel free to give your feedback on web@ml.ovh.net (registration on web-subscribe@ml.ovh.net)


Comment by OVH - Tuesday, 14 June 2016, 18:50PM

We are now preparing the deployment of new clusters. During this deployment, we detected an issue on some of our IPLB which might impact the service during load spikes. We made the choice to reset the configuration of the IPLB.

We have disabled cluster007 based on one of these IPLB during the operation. This cluster should now be available tomorrow.


Comment by OVH - Tuesday, 14 June 2016, 18:52PM

The IPLB has been successfully configured.
We just put cluster007 (xxlplan) behind our IPLB. Thus, this cluster has new SSL certificates.


Comment by OVH - Tuesday, 14 June 2016, 18:53PM

We have fixed some bugs on our load balancers. We expect that these bugs are fixed before setting the new clusters into production in order to avoid any interruption of service.


Comment by OVH - Tuesday, 14 June 2016, 18:54PM

We have just deployed a new cluster: cluster006 (mediaplan)

There are currently five clusters therefore eligible for the HTTPS:

cluster002 (90plan)
cluster006 (mediaplan)
cluster007 (xxlplan)
cluster012 (1000gp)
cluster013 (20gp)

We will add more clusters on Monday.


Comment by OVH - Tuesday, 14 June 2016, 18:57PM

We had an interruption at 11:30 for two minutes of HTTPS.

After investigation, our IPLB lost their BGP add and traffic was redirected to the old load balancers.
This loss was caused by a saturation of resources.

We have added new resources to IPLB web accommodation to avoid this bug.

We are also working on a fix that will prevent the loss of BGP adds even when certain income limits are reached, and thus avoid the loss of all the encrypted stream.


Comment by OVH - Tuesday, 14 June 2016, 18:59PM

We have just deployed a new cluster: cluster011 (300gp)

There are currently six clusters therefore eligible for the HTTPS:

cluster002 (90plan)
cluster006 (mediaplan)
cluster007 (xxlplan)
cluster011 (300gp)
cluster012 (1000gp)
cluster013 (20gp)

We are monitoring the infrastructure for a couple of hours before we continue the deployment.


Comment by OVH - Tuesday, 14 June 2016, 19:02PM

We have just deployed a new cluster: clusterr003 (240plan)

There are currently sept clusters therefore eligible for the HTTPS:

cluster002 (90plan)
cluster003 (240plan)
cluster006 (mediaplan)
cluster007 (xxlplan)
cluster011 (300gp)
cluster012 (1000gp)
cluster013 (20gp)

If everything flows fine, we will continue tomorrow.


Comment by OVH - Tuesday, 14 June 2016, 19:07PM

A failure on one of IPLB disrupted the delivery of HTTPS traffic (only encrypted traffic) for one hour.

Our teams are working to fix the problem and the IPLB team will check the operation throughout the day.

In order not to disturb this monitoring, we will not add new clusters.


Comment by OVH - Tuesday, 14 June 2016, 19:30PM

Cluster003 suffered a DDOS attack. The biggest since we startedusing the new load balancer. It was supported by the anti DDOS OVH.

The attack allowed us to identify potential improvements for DDOS to detect attacks much faster. We decided to encode these improvements and deploy them before we continue the deployment of our clusters.

We also removed cluster003 while deploying these improvements.

The production is scheduled this afternoon and we chose to monitor the IPLB operation until Monday before continuing the deployment of new clusters.


Comment by OVH - Tuesday, 14 June 2016, 19:32PM

The setting of DDOS mprovements has taken longer than expected. Our teams are still actively working on it to deploy new clusters as soon as possible.

We will update you when the cluster deployments have resumed.


Comment by OVH - Tuesday, 14 June 2016, 19:33PM

Hello,

The deployment of anti DDOS improvements is progressing well. To verify that everything is working properly, we will test this new anti DDOS on cluster012 (1000gp) tomorrow morning between 10 and 11 (Paris time).

If you have concerns about this cluster during these hours, please alert us web@ml.ovh.net (registration on web-subscribe@ml.ovh.net) or OVH forums (forums. ovh.com)


Comment by OVH - Tuesday, 14 June 2016, 19:34PM

The tests have just started. We are monitoring cluster012. If you have any abnormal behavior, contact us.


Comment by OVH - Tuesday, 14 June 2016, 19:35PM

Tests complete. Cluster012 is back to normal.

We have not seen traffic abnormalities. We will continue testing this afternoon.
We will apply the anti DDOS on cluster015 (mediaplan) from 15:30 to 16:30.


Comment by OVH - Tuesday, 14 June 2016, 19:36PM

Starting tests on cluster015...


Comment by OVH - Tuesday, 14 June 2016, 19:39PM

We will apply the anti DDOS on cluster013 (20gp) from 5 to 6pm.
If you detect any issues, please contact us on web@ml.ovh.net (inscription sur web-subscribe@ml.ovh.net)


Comment by OVH - Tuesday, 14 June 2016, 19:41PM

Tests are on this morning.

We are currently applying the antiDDos on clusters 006 (mediaplan) and 012 (1000gp).

If you detect any issues, please contact us on web@ml.ovh.net (inscription sur web-subscribe@ml.ovh.net) or on the OVH forums (forums.ovh.com)


Comment by OVH - Tuesday, 14 June 2016, 19:42PM

We will deploy clusters:

cluster002 (90plan)
cluster006 (mediaplan)
cluster007 (xxlplan)
cluster011 (300gp)
cluster012 (1000gp)
cluster013 (20gp)

If you detect any issues, please contact us on web@ml.ovh.net (inscription sur web-subscribe@ml.ovh.net) or on the OVH forums (forums.ovh.com)


Comment by OVH - Tuesday, 14 June 2016, 19:44PM

The tests are going well. There are still some tests to perform and to deploy new anti ddos on the entire infrastructure.

Meanwhile, we have just deployed the buttons enabling and disabling Let's encrypt SSL certificate in the OVH manager.
It is of course effective on the 6 clusters deployed. For the rest, the certificate will be ready to run on the big day.