Frequently Asked Questions

OpenSSL/Heartbleed Information for Your Server

Print this Article
Last Updated: May 5, 2014 10:26 AM

A critical vulnerability with OpenSSL, known as "The Heartbleed Bug" was recently announced that could potentially impact your virtual private or dedicated server. You can learn more about it at http://heartbleed.com/.

Are you vulnerable?

If you are running certain versions of OpenSSL on your Linux server, you may be at risk.

How can you check?

Run the test available at http://filippo.io/Heartbleed/ — this will tell you whether or not your server is impacted.

What if your server is at risk?

  1. Update your server to the latest version of OpenSSL. We have instructions for you here.
  2. Restart all Apache services in your server.
  3. Rekey any SSL your server uses. This removes any future potential risk. We have instructions for rekeying certificates you purchased through us here.
  4. Ensure you're using your SSL properly by using an SSL configuration tool (Qualys SSL Labs has one here) and a mail server configuration tool (we recommend CheckTLS.com).
How do you know you are safe?

Double-check your domain name at http://filippo.io/Heartbleed/ and make sure you get an "All good" response.

Please note, Heartbleed is a critical vulnerability. It has affected nearly two-thirds of the Internet and many large Internet companies have been working long hours to update their services to keep our customers and visitors safe.