Cannot access cPanel directly with https

**echelondigital** · 12-04-2007 01:59 PM

I have searched and I am unable to find an answer to this question.

When I try to access my cPanel, whm, or webmail I have to use http://www.domain.com/cpanel (or whm or webmail) and it then redirects to https://host.domain.com/cpanel (or whm or webmail) and everything works just fine. However, if I try to access directly with https://host.domain.com/cpanel (or whm or webmail) I get a 500 error.

I am using Apache 2.2 / Centos 5 (I just upgraded Apache, but even when I recompile with 2.0 I still have the same problem.)

I wonder if it might be suexec as I am seeing:
[2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
[2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)

Does anyone have any idea why this might be happening and/or how I might fix it

Thanks!

Tom

**echelondigital** · 12-13-2007 04:46 PM

Does anyone have any ideas on this? I have continued to seach and I still cannot find anything... maybe I am just blind?!?

**koolcards** · 12-14-2007 10:59 PM

Originally Posted by echelondigital

I have searched and I am unable to find an answer to this question.

When I try to access my cPanel, whm, or webmail I have to use http://www.domain.com/cpanel (or whm or webmail) and it then redirects to https://host.domain.com/cpanel (or whm or webmail) and everything works just fine. However, if I try to access directly with https://host.domain.com/cpanel (or whm or webmail) I get a 500 error.

I am using Apache 2.2 / Centos 5 (I just upgraded Apache, but even when I recompile with 2.0 I still have the same problem.)

I wonder if it might be suexec as I am seeing:
[2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
[2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)

Does anyone have any idea why this might be happening and/or how I might fix it

Thanks!

Tom

Try:

https://host.domain.com:2087 for WHM
https://host.domain.com:2083 for cpanel
https://host.domain.com:2096 for webmail

**tonedoggydogg** · 12-16-2007 09:17 AM

Originally Posted by koolcards

Try:

https://host.domain.com:2087 for WHM
https://host.domain.com:2083 for cpanel
https://host.domain.com:2096 for webmail

Either my SSL certificate appears to only support port 80 or doesn't support other subdomains. Is there a SSL certificate that you're aware of that supports cPanel ports?

**koolcards** · 12-16-2007 10:27 AM

Originally Posted by tonedoggydogg

Either my SSL certificate appears to only support port 80 or doesn't support other subdomains. Is there a SSL certificate that you're aware of that supports cPanel ports?

cPanel uses private certs generated by your own machine (anybody can generate an SSL cert for encrypted communication).

You can reset yours under WHM's "Manage Service SSL Certificates" or use the non-secured ports with a regular http request:

http://host.domain.com:2086 for WHM
http://host.domain.com:2082 for cpanel

and I don't remember the one for webmail. A search of these forums will turn that up though.

**BOates** · 12-18-2007 08:55 PM

Regarding the original poster and this error:

Code:

[2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
[2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)

I assume you're using Mod suPHP and this only affects accessing the /cpanel, /whm, and /webmail redirects?

If so, this is because Mod suPHP is essentially refusing to let that VirtualHost entry access a file that is not owned by nobody.nobody. As it's owned by root.wheel, this presents problems.

The most immediate fix is to simply visit your SSL Entry for your server's main IP in your httpd.conf file (located at: /usr/local/apache/conf/httpd.conf)

Code:

<VirtualHost 123.123.123.123:443>

where 123.123.123.123 is your server's main IP.

Then, locate the following portion and remove it.

Code:

    <IfModule mod_suphp.c>
        suPHP_UserGroup nobody nobody
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup nobody nobody
    </IfModule>

Once removed, restart Apache and all will be well.

**tonedoggydogg** · 12-19-2007 09:48 AM

Originally Posted by koolcards

cPanel uses private certs generated by your own machine (anybody can generate an SSL cert for encrypted communication).

You can reset yours under WHM's "Manage Service SSL Certificates" or use the non-secured ports with a regular http request:

http://host.domain.com:2086 for WHM
http://host.domain.com:2082 for cpanel

and I don't remember the one for webmail. A search of these forums will turn that up though.

Well I know the option for calling without SSL. (I think it's port 2095 for Webmail, btw) I understand that cPanel can use private certificates generated by the server. However, this needs to be validated by a 3rd party or else the customer is prompted with a suggestion NOT to trust the certificate. But when buying a SSL certificate, it has to support these other ports, and I believe most SSL certificates cover only port 80.

http://yourdomain.com - Homepage

https://yourdomain.com - Your homepage using valid, purchased SSL certificate (works fine)

https://yourdomain.com:2082 - Returns and error or times out

https://yourdomain.com/cpanel - Prompts the user that the date of the cert is valid, the name matches the domain, but it was issued by a company you have chosen not to trust (known as the "Certifying Authority"). The browser usually suggests not to continue, which deters the customer from logging in.

There needs to be a way to purchase a certificate that will cover these ports. While I will continue, my customers may not. Hopefully this clarifies my dilemma.

**cPanelDavidG** · 12-19-2007 11:04 AM

Originally Posted by tonedoggydogg

Well I know the option for calling without SSL. (I think it's port 2095 for Webmail, btw) I understand that cPanel can use private certificates generated by the server. However, this needs to be validated by a 3rd party or else the customer is prompted with a suggestion NOT to trust the certificate. But when buying a SSL certificate, it has to support these other ports, and I believe most SSL certificates cover only port 80.

http://yourdomain.com - Homepage

https://yourdomain.com - Your homepage using valid, purchased SSL certificate (works fine)

https://yourdomain.com:2082 - Returns and error or times out

https://yourdomain.com/cpanel - Prompts the user that the date of the cert is valid, the name matches the domain, but it was issued by a company you have chosen not to trust (known as the "Certifying Authority"). The browser usually suggests not to continue, which deters the customer from logging in.

There needs to be a way to purchase a certificate that will cover these ports. While I will continue, my customers may not. Hopefully this clarifies my dilemma.

Are you sure you have installed the certificate also using WHM -> Service Configuration -> Manage Service SSL Certificates and clicking Install new Certificate for cPanel/WHM/Webmail Service?

**WebHostDog** · 12-19-2007 12:57 PM

Hello,
It is:

https://yourdomain.com:2083

not

https://yourdomain.com:2082

Thats the problem I presume.

Thanks,

LinkBack

Thread Tools

Cannot access cPanel directly with https

No Trust

How to allow cpanel/whm access via https only?

Cpanel access via https?

Changed Apache user, nobody can access directly to cpanel or wHM

CPanel/WHM Access over HTTPS

Where can I directly access the rpm's that cpanel uses on the install?