Knowledge base

This guide explains how to…

1. … generate a CSR and private key to request a third-party certificate from a Certificate Authority (CA)
2. … import that certificate for your Infomaniak website, using the CRT obtained from the CA

Prerequisites

• While Infomaniak offers all the SSL certificates you might need…
  • Free Let's Encrypt certificates for personal websites (only available for websites hosted on Infomaniak)
  • DV certificates from Sectigo for professional/personal websites not registered in the commercial register
  • EV certificates from Sectigo for businesses listed in the commercial register
• … it is also possible to install an SSL certificate obtained elsewhere (intermediate certificate from a certification body of your choice), custom certificates, or self-signed certificates.

1. Generate a CSR (Certificate Signing Request)

A CSR (Certificate Signing Request) is an encoded file containing the information required to request an SSL/TLS certificate. It must be generated on your end to ensure that the private key remains under your control, for example, by using OpenSSL.

Adapt and run this command in a terminal:

openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout domain.xyz.key -out domain.xyz.csr -addext "subjectAltName = DNS:domain.xyz, DNS:www.domain.xyz"

Explanation

• newkey rsa:2048: Generates a new RSA key of 2048 bits.
• keyout domain.xyz.key: Specifies the file where the private key will be saved.
• out domain.xyz.csr: Specifies the file where the CSR will be saved.
• addext “subjectAltName = ...”: Adds additional domains through the SAN (Subject Alternative Name) extension, necessary to include all desired domains in the certificate (the primary domain domain.xyz + any related domain or subdomain such as www.domain.xyz).

After generation, you can verify the contents of the CSR with the following command:

openssl req -in domain.xyz.csr -noout -text

This allows you to verify that all the domains listed in subjectAltName are correctly included.

Once the CSR is generated, you can send it to the Certificate Authority (CA) to obtain your SSL/TLS certificate.

2. Import the external certificate

Once validated, the CA will provide you with a certificate (domain.xyz.crt) and sometimes an intermediate certificate (ca_bundle.crt). To access SSL certificate management:

1. Click here to access your product management in the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on SSL Certificates in the left-hand menu.
4. Click the blue button Install a certificate:
   
5. Select the custom certificate option.
6. Click the Next button:
   
7. Import your certificate and private key, either by uploading the .crt and .key files or by copy-pasting.
8. Click Complete:
   

Alternative command to generate a self-signed certificate (optional)

If you want a local certificate for testing purposes or without going through a CA (not recommended for production), you can use this command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout domain.xyz.key -out domain.xyz.crt -addext “subjectAltName = DNS:domain.xyz, DNS:www.domain.xyz”

This generates both a self-signed certificate (domain.xyz.crt) and a private key (domain.xyz.key). However, self-signed certificates are not recognized as valid by browsers or public systems. They are only suitable for internal or development environments.

Git and GitHub are available at Infomaniak with all hosting offers on:

• Shared Web Hosting
• Managed Cloud Server

and of course the Jelastic Cloud offer which will allow you deep integration of versioning.

This guide explains how to establish the first SSH connection to your VPS Cloud / VPS Lite.

Running a command with root privileges

You need to enter sudo -i to load the full root environment, giving you a complete interactive session as root with root's home directory and environment variables. Learn more

on macOS or Linux

To connect, you need to open a Terminal window and enter the following command:

ssh -i [key path] [user]@[server]

• [key path] = link to the file containing the private key; as a reminder, when ordering your VPS Cloud / VPS Lite, you were prompted to generate a key pair or upload your own public key (permissions should be sufficient, e.g., 0700)
• [user] = see below for default usernames
• [server] = server's IPv4 address (indicated on the Manager)

Example: ssh -i c:/path/key ubuntu@192.168.1.1

In case of "WARNING: UNPROTECTED PRIVATE KEY FILE!" error, run the command chmod 400 [key path].

on Windows

Windows does not allow native SSH connections: enable Bash shell (Windows 10 minimum) or download the following two free software: PuTTY & PuTTYgen

To start, your private key needs to be converted for use with PuTTY.

To do this, open PuTTYgen and click the "Load" button to load your private key. Then save your private key using the "Save private key" button.

Now open PuTTY and provide the following details:

Under Session (on the left panel):

• [HostName] = server's IPv4 address (indicated on the Manager)
• [Port] = leave the default port, which is 22
• [Connection type] = specify "SSH" here

Under Connection / SSH / Auth (on the left panel):

• load your private key generated via PuTTYgen using the "Browse" button under "Private key file for authentication"
• press the "Open" button at the bottom of the window, a terminal will open and ask for your username (user = see below)

Default [user] usernames for unmanaged Cloud servers:

Table of Linux distributions

This guide allows you to “unlock” any Windows setting blocked by the message “Some settings are hidden or managed by your organization” (such as changing the wallpaper, for example) and to lift these default restrictions in place on the VPS Cloud / VPS Lite server offer.

Reset Local Group Policy Settings

To reset all local group policy settings to their default values:

1. open the command prompt as an administrator

2. enter the following commands:

   RD /S /Q "%windir%\System32\GroupPolicyUsers"
   RD /S /Q "%windir%\System32\GroupPolicy"
   gpupdate /force

3. restart the machine

This guide explains the differences between Infomaniak Web hosting offers to help you choose the best hosting solution according to your needs.

Starter Hosting

Free Web hosting

The Starter hosting is offered for free with each domain name registered with Infomaniak. It provides 10 MB of disk space to create a website (basic HTML pages only - no PHP, no database) even without any particular knowledge thanks to the Welcome Page tool.

• Register or transfer a domain name with Infomaniak
• Learn more about the advantages included with a domain name

Shared Web Hosting

The flagship offer for creating your websites

These hosting plans are shared hosting (websites will be hosted on servers whose resources are shared with other clients). To ensure the reliability of our shared services, our servers use on average only 40% of CPU power and are equipped with state-of-the-art professional SSD disks.

Web hosting offers a minimum of 250 GB of disk space and allows you to manage multiple websites with multiple domain names. This offer includes all the technologies commonly used to create professional websites: PHP, MySQL, FTP and SSH access, SSL certificates, Site Creator and easy installation of WordPress or common CMS, etc.

Cloud Server

Professional Web hosting

With a Cloud Server, the resources allocated to you are not shared with other clients and you can customize the hardware and software configuration of your server according to your needs. A Cloud Server also allows you to use components that are not available on shared hosting (node.js, mongoDB, Sol, FFMPEG, etc.).

• a Cloud Server allows you to easily administer your server via the same administration console as web hosting - you manage the sites in the same way
• a VPS allows you to manage your server 100% autonomously with the Windows version or the Linux distribution of your choice (Debian, Ubuntu, openSUSE, ...) - strong technical skills are required to use a VPS, including VPS Lite

Public Cloud

Open, proven, and secure IaaS solution

For Infomaniak, it's the infrastructure that powers kDrive, Swiss Backup, and Webmail, services used by millions of users. But Public Cloud is accessible to everyone and provides the resources you need for your projects' development.

With our custom and tailor-made offers, you will have no trouble managing your development budget. No setup fees. No minimum amount. Cancelable at any time. You only pay for the resources actually used with our Public Cloud at the end of each month.

Jelastic Cloud

Custom hosting with the technologies of your choice

Jelastic Cloud allows you to create custom development environments with the technologies of your choice (PHP, Node.js, Java, Docker, Ruby, etc.). It's a flexible cloud offering:

• horizontal and vertical resizing of resources
• payment based on actual resource consumption
• easy customization of your infrastructure (redundancy, IP, SSL, load balancing, etc.)

This guide explains how to execute the open-source dependency manager Composer 1 and 2 using an SSH command.

Composer is an open-source dependency manager for PHP that allows managing libraries and packages required for a specific PHP project. It enables developers to define the libraries their application needs and install them consistently, making dependency management easier for complex PHP applications.

Executing Composer

To use Composer on your hosting, you need to connect to your server via SSH and install Composer on your hosting by specifying the following command:

Composer

... for Composer 1.x !

Composer2

... for Composer 2 !

You can also use the following alias to install the version compatible with the PHP version installed on your hosting:

Composer --version

... which will output, for example, Composer version 2.5.0 2022-12-20 10:44:08

Composer_php5.6 --version

... will output Composer version 1.8.6 2019-06-11 15:03:05

This guide explains how to update a Let's Encrypt SSL certificate following the addition or removal of aliases to a website hosted by Infomaniak.

Update a Let's Encrypt Certificate

To access the certificate management :

1. Log in to the Infomaniak Manager (manager.infomaniak.com) from a web browser like Brave or Firefox
2. Click on the ‍ icon in the top right corner of the interface (or navigate through the left sidebar menu, for example)
3. Choose SSL Certificates (universe Web & Domain)
4. Click on the name of the relevant object in the displayed table
5. Click on the Manage button
6. Click on Update
7. Tick the boxes of the domains to include in the certificate after the update
8. Click on the blue Update button

This guide explains how to modify the PHP version directly via command line when running PHP scripts using PHP CLI (Command Line Interface). This can be useful when you need to temporarily modify certain settings for a specific script or PHP session.

Modify the PHP Version Used in CLI

To change the PHP version used in command line (CLI) via SSH:

1. Connect via SSH (help)
2. Create a .profile file if it doesn't exist: touch ~/.profile
3. Edit the .profile file: nano ~/.profile
4. Add this code inside the file to choose the desired PHP version: export PATH=/opt/php7.4/bin:$PATH
5. Load the .profile file: source ~/.profile
6. Verify the PHP version: php -v

Interactive Mode

The .profile file mentioned above is only loaded when the user interface is used. In SSH (login mode), it's the .bash_profile file that is sourced. And in interactive mode (non-login), it's the .bashrc file that is sourced.

Some server deployment scripts open sessions in interactive mode (non-login), and environment variables are not loaded into the PATH even if the SSH session is correctly configured.

In this case, you need to load the PHP version into the .bashrc file (export PATH="/opt/php7.4/bin:$PATH"), and source the .bashrc file in the .bash_profile and .profile files (. ~/.bashrc).

After following these steps, the PHP version you specified should be loaded into your shell environment whenever you open a new session. This will allow you to run scripts using this PHP version in command line (CLI).

Mention of PHP Version

If you only use the mention php, the release preceding the one that was already in place will be installed (latest version -1): if the latest installed version is 8.1, it's 8.0 that will be used with "php". It's preferable to use the mention php-7.0, php-7.1, etc. so that the version doesn't change with each update.

This guide concerns the task scheduler, a feature that allows you to run scripts on Web Hosting at the time and frequency of your choice to automate repetitive tasks. 

Also, read this guide (click here) about crontab (crons via SSH) on Managed Cloud Server.
 

Accessing the Task Scheduler (webcron)

To access the task scheduling tool:

1. Log in to the Infomaniak Manager (manager.infomaniak.com) from a web browser like Brave or Edge
2. Click on the ‍ icon in the top right corner of the interface (or navigate through the left sidebar menu, for example)
3. Choose Hosting (Web & Domain universe)
4. Click on the name of the relevant object in the displayed table
5. Click on Advanced Tools in the left sidebar menu
6. Click on Task Scheduler in the left sidebar menu
7. Existing crons are displayed on the page; read below

Add a Task to Execute

Click on the blue button at point 7 above to create a scheduled task, specifying whether the script URL to be executed is password-protected, if you want to receive notifications, etc.

 

Don't forget to activate the task using the toggle button.
 

Minimum Intervals
 

You can schedule the cron at a minimum interval of:

• 15 minutes with shared hosting
  
   
• 1 minute on Managed Cloud Server
  
   

This guide lists the supported operating systems (Linux distributions) that can be installed when ordering a VPS Cloud / VPS Lite.

Prerequisites

• Set a password for your user after logging in for the first time with the private key, especially to troubleshoot your server by connecting via VNC console in case of issues

Natively Supported Linux Distributions

Debian

If you are from the Debian environment, then such a server would be an excellent choice, an alternative to CentOS offered below. Debian editions are very stable, especially since "Buster" or more recently "Bookworm" (Debian 12). Learn more

Ubuntu

If you are familiar with Ubuntu in the desktop version, you might want to have it on your server. Learn more

FreeBSD

The base code of FreeBSD has been developed, enhanced, and optimized continuously for over thirty years. It is developed and maintained by a large team of people. FreeBSD offers advanced networking features, strong security, and high performance. Learn more

openSUSE

This distribution is ideal for beginners, experienced users, and ultra-geeks, in short, it is suitable for everyone! Learn more

CentOS

CentOS is the most popular distribution for a web server and therefore has great support, whether it's on the community forum, or anywhere on the web. CentOS editions are very stable, long term. Learn more

Other Linux Distributions

Infomaniak regularly adds new Linux distributions:

• Fedora
• RancherOS
• ArchLinux
• AlmaLinux
• RockyLinux

Specific Distribution / Disk Image

Only official images can be installed, and Infomaniak does not install any operating system from ISO disk image. If you want to install a specific distribution, you can do so by importing the image on Public Cloud.