1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cannot access cPanel directly with https

Discussion in 'General Discussion' started by echelondigital, Dec 4, 2007.

  1. echelondigital

    echelondigital New Member

    Joined:
    Nov 29, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I have searched and I am unable to find an answer to this question.

    When I try to access my cPanel, whm, or webmail I have to use http://www.domain.com/cpanel (or whm or webmail) and it then redirects to https://host.domain.com/cpanel (or whm or webmail) and everything works just fine. However, if I try to access directly with https://host.domain.com/cpanel (or whm or webmail) I get a 500 error.

    I am using Apache 2.2 / Centos 5 (I just upgraded Apache, but even when I recompile with 2.0 I still have the same problem.)

    I wonder if it might be suexec as I am seeing:
    [2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
    [2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)


    Does anyone have any idea why this might be happening and/or how I might fix it

    Thanks!

    Tom
     
    #1 echelondigital, Dec 4, 2007
    Last edited: Dec 4, 2007
  2. echelondigital

    echelondigital New Member

    Joined:
    Nov 29, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Does anyone have any ideas on this? I have continued to seach and I still cannot find anything... maybe I am just blind?!?
     
  3. koolcards

    koolcards Member

    Joined:
    Oct 8, 2003
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Tampa, Fl

    Try:

    https://host.domain.com:2087 for WHM
    https://host.domain.com:2083 for cpanel
    https://host.domain.com:2096 for webmail
     
  4. tonedoggydogg

    tonedoggydogg New Member

    Joined:
    May 22, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
  5. koolcards

    koolcards Member

    Joined:
    Oct 8, 2003
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Tampa, Fl
    cPanel uses private certs generated by your own machine (anybody can generate an SSL cert for encrypted communication).

    You can reset yours under WHM's "Manage Service SSL Certificates" or use the non-secured ports with a regular http request:

    http://host.domain.com:2086 for WHM
    http://host.domain.com:2082 for cpanel

    and I don't remember the one for webmail. A search of these forums will turn that up though.
     
  6. BOates

    BOates New Member

    Joined:
    May 28, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Regarding the original poster and this error:

    Code:
    [2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
    [2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)
    I assume you're using Mod suPHP and this only affects accessing the /cpanel, /whm, and /webmail redirects?

    If so, this is because Mod suPHP is essentially refusing to let that VirtualHost entry access a file that is not owned by nobody.nobody. As it's owned by root.wheel, this presents problems.

    The most immediate fix is to simply visit your SSL Entry for your server's main IP in your httpd.conf file (located at: /usr/local/apache/conf/httpd.conf)

    Code:
    <VirtualHost 123.123.123.123:443>
    where 123.123.123.123 is your server's main IP.

    Then, locate the following portion and remove it.

    Code:
        <IfModule mod_suphp.c>
            suPHP_UserGroup nobody nobody
        </IfModule>
        <IfModule !mod_disable_suexec.c>
            SuexecUserGroup nobody nobody
        </IfModule>
    Once removed, restart Apache and all will be well.
     
    #6 BOates, Dec 18, 2007
    Last edited: Dec 18, 2007
  7. tonedoggydogg

    tonedoggydogg New Member

    Joined:
    May 22, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    No Trust

    Well I know the option for calling without SSL. (I think it's port 2095 for Webmail, btw) I understand that cPanel can use private certificates generated by the server. However, this needs to be validated by a 3rd party or else the customer is prompted with a suggestion NOT to trust the certificate. But when buying a SSL certificate, it has to support these other ports, and I believe most SSL certificates cover only port 80.

    http://yourdomain.com - Homepage

    https://yourdomain.com - Your homepage using valid, purchased SSL certificate (works fine)

    https://yourdomain.com:2082
    - Returns and error or times out

    https://yourdomain.com/cpanel - Prompts the user that the date of the cert is valid, the name matches the domain, but it was issued by a company you have chosen not to trust (known as the "Certifying Authority"). The browser usually suggests not to continue, which deters the customer from logging in.​

    There needs to be a way to purchase a certificate that will cover these ports. While I will continue, my customers may not. Hopefully this clarifies my dilemma.
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,288
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Houston, TX
    Are you sure you have installed the certificate also using WHM -> Service Configuration -> Manage Service SSL Certificates and clicking Install new Certificate for cPanel/WHM/Webmail Service?
     
  9. WebHostDog

    WebHostDog Member

    Joined:
    Sep 3, 2006
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16

Share This Page