Cannot access cPanel directly with https

echelondigital

I have searched and I am unable to find an answer to this question.

When I try to access my cPanel, whm, or webmail I have to use http://www.domain.com/cpanel (or whm or webmail) and it then redirects to https://host.domain.com/cpanel (or whm or webmail) and everything works just fine. However, if I try to access directly with https://host.domain.com/cpanel (or whm or webmail) I get a 500 error.

I am using Apache 2.2 / Centos 5 (I just upgraded Apache, but even when I recompile with 2.0 I still have the same problem.)

I wonder if it might be suexec as I am seeing:
[2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
[2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)


Does anyone have any idea why this might be happening and/or how I might fix it?

Thanks!

Tom
 

echelondigital

Does anyone have any ideas on this? I have continued to search and I still cannot find anything... maybe I am just blind?!?
 

koolcards

Try:

https://host.domain.com:2087 for WHM
https://host.domain.com:2083 for cpanel
https://host.domain.com:2096 for webmail
 

koolcards

Either my SSL certificate appears to only support port 80 or doesn't support other subdomains. Is there a SSL certificate that you're aware of that supports cPanel ports?
cPanel uses private certs generated by your own machine (anybody can generate an SSL cert for encrypted communication).

You can reset yours under WHM's "Manage Service SSL Certificates" or use the non-secured ports with a regular http request:

http://host.domain.com:2086 for WHM
http://host.domain.com:2082 for cpanel

and I don't remember the one for webmail. A search of these forums will turn that up though.
 

BOates

Regarding the original poster and this error:

Code:
[2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
[2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)
I assume you're using Mod suPHP and this only affects accessing the /cpanel, /whm, and /webmail redirects?

If so, this is because Mod suPHP is essentially refusing to let that VirtualHost entry access a file that is not owned by nobody.nobody. As it's owned by root.wheel, this presents problems.

The most immediate fix is to simply visit your SSL Entry for your server's main IP in your httpd.conf file (located at: /usr/local/apache/conf/httpd.conf)

Code:
<VirtualHost 123.123.123.123:443>
where 123.123.123.123 is your server's main IP.

Then, locate the following portion and remove it.

Code:
    <IfModule mod_suphp.c>
        suPHP_UserGroup nobody nobody
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup nobody nobody
    </IfModule>
Once removed, restart Apache and all will be well.
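
A read-only check that ties together the suexec log lines and the httpd.conf block discussed in the post above. This is an added example, not part of any poster's reply and not cPanel tooling; the sample log and config are constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample data modelled on the thread (the IP is the post's placeholder).
SUEXEC_LOG = """\
[2007-12-04 11:18:44]: uid: (99/nobody) gid: (99/99) cmd: whmredirect.cgi
[2007-12-04 11:18:44]: cannot run as forbidden uid (99/whmredirect.cgi)
"""
HTTPD_CONF = """\
<VirtualHost 123.123.123.123:80>
    ServerName host.domain.com
</VirtualHost>
<VirtualHost 123.123.123.123:443>
    ServerName host.domain.com
    <IfModule mod_suphp.c>
        suPHP_UserGroup nobody nobody
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup nobody nobody
    </IfModule>
</VirtualHost>
"""

FORBIDDEN = re.compile(
    r"^\[(?P<ts>[^\]]+)\]: cannot run as forbidden uid \((?P<uid>\d+)/(?P<cmd>[^)]+)\)")
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+(?P<addr>[^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
USERGROUP = re.compile(
    r"^\s*(?P<name>suPHP_UserGroup|SuexecUserGroup)\s+(?P<user>\S+)\s+(?P<group>\S+)", re.I)

def forbidden_uid_rejections(log_text):
    """Return (timestamp, uid, cmd) for each suexec 'forbidden uid' rejection."""
    return [(m["ts"], int(m["uid"]), m["cmd"])
            for m in map(FORBIDDEN.match, log_text.splitlines()) if m]

def vhost_usergroup_directives(conf_text, port="443"):
    """Return (vhost_addr, line_no, directive, user, group) set inside vhosts on `port`."""
    hits, current = [], None
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if (m := VHOST_OPEN.match(line)):
            current = m["addr"].strip()          # entering a VirtualHost block
        elif VHOST_CLOSE.match(line):
            current = None                       # leaving it
        elif current and any(a.endswith(":" + port) for a in current.split()):
            if (m := USERGROUP.match(line)):
                hits.append((current, line_no, m["name"], m["user"], m["group"]))
    return hits

if __name__ == "__main__":
    for row in forbidden_uid_rejections(SUEXEC_LOG):
        print("suexec rejected:", row)
    for row in vhost_usergroup_directives(HTTPD_CONF):
        print("user/group directive in SSL vhost:", row)
```

To run it against a real server, read the suexec log and /usr/local/apache/conf/httpd.conf into the two strings; the script only reports line numbers and changes nothing.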
 

tonedoggydogg

No Trust

Well, I know the option for calling without SSL. (I think it's port 2095 for Webmail, btw.) I understand that cPanel can use private certificates generated by the server. However, this needs to be validated by a 3rd party or else the customer is prompted with a suggestion NOT to trust the certificate. But when buying an SSL certificate, it has to support these other ports, and I believe most SSL certificates cover only port 80.

http://yourdomain.com - Homepage

https://yourdomain.com - Your homepage using valid, purchased SSL certificate (works fine)

https://yourdomain.com:2082 - Returns an error or times out

https://yourdomain.com/cpanel - Prompts the user that the date of the cert is valid, the name matches the domain, but it was issued by a company you have chosen not to trust (known as the "Certifying Authority"). The browser usually suggests not to continue, which deters the customer from logging in.

There needs to be a way to purchase a certificate that will cover these ports. While I will continue, my customers may not. Hopefully this clarifies my dilemma.
 

cPanelDavidG

Are you sure you have installed the certificate also using WHM -> Service Configuration -> Manage Service SSL Certificates and clicking Install new Certificate for cPanel/WHM/Webmail Service?