Results 1 to 9 of 9

Thread: Cannot access cPanel directly with https

  1. #1
    Registered User
    Join Date
    Nov 2007
    Posts
    2

    Default Cannot access cPanel directly with https

    I have searched and I am unable to find an answer to this question.

    When I try to access my cPanel, whm, or webmail I have to use http://www.domain.com/cpanel (or whm or webmail) and it then redirects to https://host.domain.com/cpanel (or whm or webmail) and everything works just fine. However, if I try to access directly with https://host.domain.com/cpanel (or whm or webmail) I get a 500 error.

    I am using Apache 2.2 / Centos 5 (I just upgraded Apache, but even when I recompile with 2.0 I still have the same problem.)

    I wonder if it might be suexec as I am seeing:
    [2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
    [2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)


    Does anyone have any idea why this might be happening and/or how I might fix it

    Thanks!

    Tom
    Last edited by echelondigital; 12-04-2007 at 04:14 PM.

  2. #2
    Registered User
    Join Date
    Nov 2007
    Posts
    2

    Default

    Does anyone have any ideas on this? I have continued to seach and I still cannot find anything... maybe I am just blind?!?

  3. #3
    Registered Member koolcards's Avatar
    Join Date
    Oct 2003
    Location
    Tampa, Fl
    Posts
    146

    Default

    Quote Originally Posted by echelondigital View Post
    I have searched and I am unable to find an answer to this question.

    When I try to access my cPanel, whm, or webmail I have to use http://www.domain.com/cpanel (or whm or webmail) and it then redirects to https://host.domain.com/cpanel (or whm or webmail) and everything works just fine. However, if I try to access directly with https://host.domain.com/cpanel (or whm or webmail) I get a 500 error.

    I am using Apache 2.2 / Centos 5 (I just upgraded Apache, but even when I recompile with 2.0 I still have the same problem.)

    I wonder if it might be suexec as I am seeing:
    [2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
    [2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)


    Does anyone have any idea why this might be happening and/or how I might fix it

    Thanks!

    Tom

    Try:

    https://host.domain.com:2087 for WHM
    https://host.domain.com:2083 for cpanel
    https://host.domain.com:2096 for webmail

  4. #4
    Registered Member
    Join Date
    May 2005
    Posts
    13

    Default

    Quote Originally Posted by koolcards View Post

    Either my SSL certificate appears to only support port 80 or doesn't support other subdomains. Is there a SSL certificate that you're aware of that supports cPanel ports?

  5. #5
    Registered Member koolcards's Avatar
    Join Date
    Oct 2003
    Location
    Tampa, Fl
    Posts
    146

    Default

    Quote Originally Posted by tonedoggydogg View Post
    Either my SSL certificate appears to only support port 80 or doesn't support other subdomains. Is there a SSL certificate that you're aware of that supports cPanel ports?
    cPanel uses private certs generated by your own machine (anybody can generate an SSL cert for encrypted communication).

    You can reset yours under WHM's "Manage Service SSL Certificates" or use the non-secured ports with a regular http request:

    http://host.domain.com:2086 for WHM
    http://host.domain.com:2082 for cpanel

    and I don't remember the one for webmail. A search of these forums will turn that up though.

  6. #6
    Registered Member cPanel Partner NOC Badge
    Join Date
    May 2005
    Posts
    17

    Default

    Regarding the original poster and this error:

    Code:
    [2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
    [2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)
    I assume you're using Mod suPHP and this only affects accessing the /cpanel, /whm, and /webmail redirects?

    If so, this is because Mod suPHP is essentially refusing to let that VirtualHost entry access a file that is not owned by nobody.nobody. As it's owned by root.wheel, this presents problems.

    The most immediate fix is to simply visit your SSL Entry for your server's main IP in your httpd.conf file (located at: /usr/local/apache/conf/httpd.conf)

    Code:
    <VirtualHost 123.123.123.123:443>
    where 123.123.123.123 is your server's main IP.

    Then, locate the following portion and remove it.

    Code:
        <IfModule mod_suphp.c>
            suPHP_UserGroup nobody nobody
        </IfModule>
        <IfModule !mod_disable_suexec.c>
            SuexecUserGroup nobody nobody
        </IfModule>
    Once removed, restart Apache and all will be well.

  7. #7
    Registered Member
    Join Date
    May 2005
    Posts
    13

    Default No Trust

    Quote Originally Posted by koolcards View Post
    cPanel uses private certs generated by your own machine (anybody can generate an SSL cert for encrypted communication).

    You can reset yours under WHM's "Manage Service SSL Certificates" or use the non-secured ports with a regular http request:

    http://host.domain.com:2086 for WHM
    http://host.domain.com:2082 for cpanel

    and I don't remember the one for webmail. A search of these forums will turn that up though.
    Well I know the option for calling without SSL. (I think it's port 2095 for Webmail, btw) I understand that cPanel can use private certificates generated by the server. However, this needs to be validated by a 3rd party or else the customer is prompted with a suggestion NOT to trust the certificate. But when buying a SSL certificate, it has to support these other ports, and I believe most SSL certificates cover only port 80.

    http://yourdomain.com - Homepage

    https://yourdomain.com - Your homepage using valid, purchased SSL certificate (works fine)

    https://yourdomain.com:2082
    - Returns and error or times out

    https://yourdomain.com/cpanel - Prompts the user that the date of the cert is valid, the name matches the domain, but it was issued by a company you have chosen not to trust (known as the "Certifying Authority"). The browser usually suggests not to continue, which deters the customer from logging in.

    There needs to be a way to purchase a certificate that will cover these ports. While I will continue, my customers may not. Hopefully this clarifies my dilemma.

  8. #8
    Technical Product Specialist cPanelDavidG's Avatar
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    11,295
    cPanel/WHM Access Level

    Root Administrator

    Default

    Quote Originally Posted by tonedoggydogg View Post
    Well I know the option for calling without SSL. (I think it's port 2095 for Webmail, btw) I understand that cPanel can use private certificates generated by the server. However, this needs to be validated by a 3rd party or else the customer is prompted with a suggestion NOT to trust the certificate. But when buying a SSL certificate, it has to support these other ports, and I believe most SSL certificates cover only port 80.

    http://yourdomain.com - Homepage

    https://yourdomain.com - Your homepage using valid, purchased SSL certificate (works fine)

    https://yourdomain.com:2082
    - Returns and error or times out

    https://yourdomain.com/cpanel - Prompts the user that the date of the cert is valid, the name matches the domain, but it was issued by a company you have chosen not to trust (known as the "Certifying Authority"). The browser usually suggests not to continue, which deters the customer from logging in.

    There needs to be a way to purchase a certificate that will cover these ports. While I will continue, my customers may not. Hopefully this clarifies my dilemma.
    Are you sure you have installed the certificate also using WHM -> Service Configuration -> Manage Service SSL Certificates and clicking Install new Certificate for cPanel/WHM/Webmail Service?

  9. #9
    Registered Member
    Join Date
    Sep 2006
    Posts
    144
    cPanel/WHM Access Level

    Website Owner

    Default

    Hello,
    It is:

    https://yourdomain.com:2083

    not

    https://yourdomain.com:2082



    Thats the problem I presume.


    Thanks,
    QHoster.com - Unlimited-Domain Web Hosting | Shared & Reseller with cPanel

Similar Threads

  1. Cannot access the domain name directly but can access with ~domainusername
    By arbabnazar in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 01-28-2013, 09:36 AM
  2. Replies: 0
    Last Post: 01-23-2013, 06:17 AM
  3. Cpanel access via https?
    By BigLebowski in forum cPanel & WHM Discussions
    Replies: 8
    Last Post: 10-30-2008, 01:54 PM
  4. Changed Apache user, nobody can access directly to cpanel or wHM
    By rbmrf in forum cPanel & WHM Discussions
    Replies: 0
    Last Post: 07-21-2008, 10:22 AM
  5. Where can I directly access the rpm's that cpanel uses on the install?
    By BianchiDude in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 11-08-2005, 11:13 AM
bargain