As of Thursday, November 1, 2012, there will be a change in the temporary URLs of web hosts and the related free access to the web via HTTPS. (Update 30.10.: clarification added)
Starting Thursday , November 1, 2012, the following changes will occur for all web hosts.
The pages will no longer be accessible via the previously used internal (“temporary”) URLs of the form XXXX.wYY.wedos.net, but will start using new names on a different domain – XXXX.wYY.wedos.ws (change of the ending from .NET to .WS). This change does not affect FTP access to the site, the current wedos.net domain names will continue to be used.
The changes will take place during the day 1.11.2012. The original URLs will stop working (displaying a 404 error) and the new ones will start working. There will be no transition period where both the original and the new name can be used.
You will see the new URL of the specific web host after the change in the web host details in the customer center.
Another change is related to this – for the free HTTPS variant (with a shared certificate), the new URLs mentioned above will also be used and the corresponding SSL certificate will no longer be issued by the globally trusted certification authority StartSSL, but by our certification authority WEDOS CA.
The implication of this is that when accessing HTTPS through an internal domain (XXXX.wYY.wedos.ws) even through your actual web hosting domain, browsers will report a security issue because they will not know the CA used. There are 2 possible solutions:
- Ignore this error and approve an exception in your browser for this site
- Install the root certificate of our certification authority on your PC, more in the article WEDOS Certification Authority
The security problem is not related to HTTPS with its own certificate. It is up to the customer which certificate from which certification authority they use.
We apologize for any complications, but we do not expect this to cause any problems as these are internal webhost URLs for non-public use.
Why and why so suddenly?
This quick and necessary change is a result of the increasing number of security problems on our customers’ websites – phishing, malware, fraudulent redirects, etc. This malicious content is mostly getting on customers’ sites through security holes in the content management systems they use, the worst situation is with WordPress.
As a result of these problems, our domain wedos.net appears on various blacklists and is often blocked by antivirus and other programs, search engines, browsers, etc., which affects all sites running on the wedos.net domain, including customer interfaces such as phpMyAdmin, webmail, WebFTP, but can also cause problems when connecting to the email server via POP3, IMAP, etc.
For the same reasons (security issues), we have to stop using a trusted certificate issued to our company on our customers’ websites, following a request from the certification authority we use. Certificates issued by our company may only be used on websites operated directly by us. If we left it that way, we would take partial responsibility for what is found and operated on our customers’ sites.
Unfortunately, all of this must be done without undue delay to ensure the continued smooth operation of our services. We are aware that several customers will be negatively affected and we are prepared to deal with them on claims and possible compensation.