In the wake of Heartbleed, I’ve been making improvements to the way Shanock.com handles SSL and mail.
I have applied SSL certificates from StartSSL to the following sites and services: https://www.shanock.com, mail.shanock.com, IMAP, POP, and SMTP. As a result, you will no longer get a warning about untrusted certificates in Internet Explorer, Chrome, and many other email and web clients. The notable exceptions are Mozilla Firefox and Thunderbird, which do not trust StartSSL as a certificate authority. I’m fine with this; StartSSL was free, and it’s a sight better than the self-signed certificates I was using before.
Subdomain users will also see the certificate issued for www.shanock.com used on their HTTPS connections. This will provide encryption, but not identity verification. I will not be providing validated certificates for every subdomain because of the limited nature of the free service from StartSSL. I also cannot allow my users to create certificates for Shanock.com subdomains on their own, because they need to own the domain to do so. Self-signed subdomain-specific certificates may become an option in the future.
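Why a subdomain served with the www.shanock.com certificate gets encryption but no identity verification, shown as an added example (not code from this site): a client-side host name check in the style of RFC 6125. The SAN list and the `alice` subdomain are constructed for illustration, and the matcher goes slightly beyond the case above by also handling the wildcard rule.

```python
# Added example: RFC 6125-style matching of a host name against the
# dNSName entries of a certificate. Sample values below are constructed.

# Assumed SAN entries of the shared certificate (constructed, not read from the site).
SHARED_CERT_SANS = ["www.shanock.com", "shanock.com"]


def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def dns_name_matches(pattern, hostname):
    """Return True if a single dNSName pattern covers hostname."""
    p, h = labels(pattern), labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard must be the whole left-most label and must not sit
        # directly under a top-level domain ("*.com" is rejected).
        return len(p) > 2 and p[1:] == h[1:]
    # Partial wildcards ("w*.example") and inner wildcards are refused.
    return "*" not in pattern and p == h


def verify_hostname(san_dns_names, hostname):
    """True if any SAN entry matches the name the client connected to."""
    return any(dns_name_matches(p, hostname) for p in san_dns_names)


def classify(san_dns_names, hostname):
    """Describe what the TLS session gives a client for this host name."""
    if verify_hostname(san_dns_names, hostname):
        return "encrypted, identity verified"
    return "encrypted, identity NOT verified (name mismatch)"


if __name__ == "__main__":
    # "alice.shanock.com" is a hypothetical user subdomain.
    for host in ("www.shanock.com", "alice.shanock.com"):
        print(host, "->", classify(SHARED_CERT_SANS, host))
```
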
For those who own top-level domains hosted by Shanock.com, however, everything changes. A default self-signed SSL certificate pair has been copied to /home/username/.ssl/, and this can be replaced with properly authenticated certificates by the domain owner at his/her own convenience and expense.
As a last note, I have finally gotten around to requesting a PTR record from my ISP. My IP now resolves to shanock.com, and this should help with email problems with certain websites (namely, Craigslist).