
ssl cert + 500 internal server error

Discussion in 'General Discussion' started by backtogeek, Aug 14, 2010.

  1. backtogeek

    backtogeek New Member

    Hi Folks,

    Hopefully someone can help me with this one.

    I have an SSL cert installed and it works fine in WHM. I also have a Joomla site and WHMCS installed; when I use https on those I get a 500 internal server error.

    output of log is:
    Code:
    SoftException in Application.cpp:422: Mismatch between target UID (99) and UID (503) of file "/home/adminroo/public_html/clients/cart.php", referer: http://lmas-networks.com/
    and

    Code:
    SoftException in Application.cpp:422: Mismatch between target UID (99) and UID (503) of file "/home/adminroo/public_html/index.php"
    UID 99 is nobody I think?

    If I stat a directory that contains files that give the 500 error I get:

    Code:
     File: `public_html'
      Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: 37h/55d Inode: 53739932    Links: 17
    Access: (0755/drwxr-xr-x)  Uid: (  503/adminroo)   Gid: (   99/  nobody)
    Access: 2010-08-08 04:10:10.000000000 +0100
    Modify: 2010-08-06 17:44:33.000000000 +0100
    Change: 2010-08-08 02:05:59.000000000 +0100
    and a file:


    Code:
      File: `index.php'
      Size: 2049            Blocks: 8          IO Block: 4096   regular file
    Device: 37h/55d Inode: 54595371    Links: 1
    Access: (0644/-rw-r--r--)  Uid: (  503/adminroo)   Gid: (  500/adminroo)
    Access: 2010-08-14 17:23:05.000000000 +0100
    Modify: 2010-07-18 04:01:24.000000000 +0100
    Change: 2010-08-08 02:06:07.000000000 +0100
    I have seen a few threads saying the cert may have been installed as the wrong user, but I'm not sure how to check that and I am fairly sure I installed it as adminroo.

    Any ideas?
     
  2. Miraenda

    Miraenda Member

    99 is the user nobody, so it has to be installed under the wrong user (nobody) if that is the error you are receiving.

    Go to /var/cpanel/userdata/nobody to see if the cert is there by domain.com_SSL (domain.com being your domain's name) name. If it is, then move it to /var/cpanel/userdata/user (where user is the cPanel username of the right user). Open up the domain.com_SSL file and change the following in that file:

    Code:
    documentroot: /home/user/public_html
    group: user
    homedir: /home/user
    user: user
    Replacing user with the username for each one. Of note, these are not the only lines in the file, they are just the lines you need to change in that file.

    If the account is a reseller and not owned by root, you will also need to change owner: root to owner: user.

    Please also check the ip: field has the right IP listed.

    After making all the changes, then run these commands to rebuild Apache with the new entries and get it restarted:

    Code:
    /scripts/rebuildhttpdconf
    /etc/init.d/httpd restart
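
    A read-only check for the edit described in this answer, added here as an example and not part of the original post or of cPanel's tooling: it reads a `domain.com_SSL` userdata file and lists which of the four fields named above do not match the intended account. The function names, the sample file contents and the `/home/USER/public_html` layout are assumptions.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of a cPanel userdata *_SSL file.

# check_ssl_userdata FILE USER
# Prints "key: found -> expected" for each of the four fields from the post
# that does not match USER; returns 0 if all match, 1 otherwise.
check_ssl_userdata() {
    local file=$1 user=$2
    awk -v u="$user" '
        BEGIN {
            # Assumption: main-domain layout /home/USER/public_html, as on the page
            want["documentroot"] = "/home/" u "/public_html"
            want["group"]        = u
            want["homedir"]      = "/home/" u
            want["user"]         = u
        }
        {
            i = index($0, ":")            # split on the first colon only
            if (i == 0) next              # skips the leading "---" line
            key = substr($0, 1, i - 1)
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (!(key in want)) next
            seen[key] = 1
            if (val != want[key]) { printf "%s: %s -> %s\n", key, val, want[key]; bad = 1 }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "%s: (missing) -> %s\n", k, want[k]; bad = 1 }
            exit bad
        }
    ' "$file"
}

# Constructed sample: two fields still point at "nobody" (values are made up).
demo() {
    local tmp rc
    tmp=$(mktemp)
    printf '%s\n' '---' 'documentroot: /home/adminroo/public_html' \
        'group: nobody' 'homedir: /home/adminroo' 'ip: 192.0.2.10' \
        'owner: root' 'port: 443' 'servername: domain.com' 'user: nobody' > "$tmp"
    check_ssl_userdata "$tmp" adminroo
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || echo "fields above need changing before /scripts/rebuildhttpdconf"
```

    The `owner:` and `ip:` fields mentioned in the answer are not checked here, since their correct values depend on the account and cannot be derived from the username.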
     
  3. backtogeek

    backtogeek New Member

    Thank you so much Miraenda.

    This fixed the issue :) very helpful indeed!
     
  4. Miraenda

    Miraenda Member

    I'm glad that worked, and you are very welcome. :)
     
  5. joshdale

    joshdale New Member

    thank you Miraenda...this worked like a charm :D
     
  6. silvatech

    silvatech New Member

    Thanks Miraenda! Worked like a charm!
     
  7. density5

    density5 New Member

    Just so I'm clear, WHM forces you to install ssl certs as nobody as a security measure, which breaks ssl on that vhost, and the fix is to change everything back to user, thus circumventing the security?

    Pardon me for being picky, but is this the official method for installing ssl in a vhost?
     
  8. cPanelJared

    cPanelJared cPanel Staff
    Staff Member

    nobody is only for shared SSL

    An SSL certificate should only be installed on the nobody user if it is meant to be a shared certificate. Normally, an SSL certificate should be installed for the account user that owns the domain for which the certificate was generated.
     
  9. egillette

    egillette Member

    Thanks Miraenda. . .

    That worked. The interesting thing is that WHM said I couldn't install it unless I installed it as the nobody user, but in SSH all I did was follow the steps you laid out, and it worked like a charm, but then I had the issue with a second site, and all I did the second time around was assign that user his own IP, and the problem was solved that way too. =0)
     
  10. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Correct, any SSL installed onto the main shared IP will only be installed as the user nobody via WHM, so if you are using that main shared IP for an account, you'd first have to install as nobody in WHM, then go into root SSH and do the steps I had noted (Miraenda user is my non-staff account).

    If you do not want to go through such a hassle, simply install a dedicated IP onto the account getting the SSL, then you can install the SSL using WHM onto the user's account rather than using the user nobody.
     
  11. Stuff5

    Stuff5 New Member

    What if I want to SSL a specific directory?

    For example, my site is installed in the root

    so it's: https://www.domain.gr

    but I want the SSL to be used in https://www.domain.gr/dir
     
  12. egillette

    egillette Member

    You would install the SSL certificate and then simply refer to the URL exactly the way you mentioned in your post.

    Securing a domain also secures its directories as well.

    So https://www.domain.gr would be secure, just as https://www.domain.gr/<whatever_directory> would be.

    The only thing you can't do is secure a sub-domain in that fashion -- that would require a wildcard SSL certificate to secure *.domain.gr.

    But to answer your main question. . .it's just a matter of referring to the SSL secured domain within your HTML code.
     
  13. mikaoj

    mikaoj New Member

    I've done the steps mentioned above, but when I try to rebuild httpd.conf I get this error:

    Code:
    Syntax error on line 266 of /usr/local/apache/conf/httpd.conf.1323104889:
    <VirtualHost> directive requires additional arguments
    
    When I remove the sub.domain.com_SSL file from /var/cpanel/userdata/user and try again, the rebuilding is fine. The account is owned by root and uses the shared ip from WHM and the certificate was installed in WHM.

    What am I missing?

    Best regards.
     
  14. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Please provide the information in that file:

    Code:
    cat /var/cpanel/userdata/user/sub.domain.com_SSL
    Something in the file is either missing or invalid.
     
  15. mikaoj

    mikaoj New Member

    I've substituted the username and domain with a generic one:
    Code:
    --- 
    documentroot: /home/user/public_html
    group: user
    hascgi: 1
    homedir: /home/user
    ip: 213.166.179.17
    owner: root
    phpopenbasedirprotect: ~
    port: 443
    serveradmin: webmaster@sub.domain.com
    serveralias: www.sub.domain.com
    servername: sub.domain.com
    ssl: 1
    sslcacertificatefile: /etc/ssl/certs/sub.domain.com.cabundle
    sslcertificatefile: /etc/ssl/certs/sub.domain.com.crt
    sslcertificatekeyfile: /etc/ssl/private/sub.domain.com.key
    usecanonicalname: 'Off'
    user: user
    userdirprotect: -1
    
     
  16. mikaoj

    mikaoj New Member

    Thanks for the quick reply! Here's the file (I've substituted the username and domain):

    Code:
    --- 
    documentroot: /home/user/public_html
    group: user
    hascgi: 1
    homedir: /home/user
    ip: 213.166.179.17
    owner: root
    phpopenbasedirprotect: ~
    port: 443
    serveradmin: webmaster@sub.domain.com
    serveralias: www.sub.domain.com
    servername: sub.domain.com
    ssl: 1
    sslcacertificatefile: /etc/ssl/certs/sub.domain.com.cabundle
    sslcertificatefile: /etc/ssl/certs/sub.domain.com.crt
    sslcertificatekeyfile: /etc/ssl/private/sub.domain.com.key
    usecanonicalname: 'Off'
    user: user
    userdirprotect: -1
    
     
  17. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    I don't see anything there that would really cause this issue. Could you try opening up a ticket so we can check into this further? WHM > Support Center > Contact cPanel or the link in my signature are the methods you can use to submit a ticket. Thanks!
     
  18. egillette

    egillette Member

    Tristan,

    On an unrelated side-note:

    I read your blog yesterday just for kicks, and I found out something that actually helped me with a client's server.

    It was the "@reboot" thing for cron.

    I have a service that I have to start manually every time this client's server goes offline or gets rebooted, and that did the trick -- you're just a fountain of information! =0)
     
  19. OcalaDesigns

    OcalaDesigns New Member

    Alright, so now it's 2012 and you still can't just create your unsigned SSL in WHM and assign it to a cPanel user account (with static IP) without doing these steps? WHM still forces you to use 'nobody' instead of the user for which it's intended, or am I doing something wrong? I don't understand why.
     
  20. cPanelTristan

    cPanelTristan Active Member
    Staff Member
