Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server-wide cert not working for cgi-bin

Discussion in 'Security' started by ottdev, Mar 2, 2016.

  1. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    115
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    What could be missing?
    We get "not found" when attempting to use a perl script loaded in an account's cgi-bin under the "shared" ssl.

    http://clientdomain.tld/cgi-bin/script.pl <-- works
    https://server.domain.tld/~userdir/cgi-bin/script.pl <-- "not found"

    https://server.domain.tld/~userdir/page.html <-- works
    so we know the userdir aspect is set up ok.

    Here's the error:
    Is it looking for a symbolic link 'cathyweb' to be in the /usr/local/apache/htdocs folder?
    How is it working then anyway for pages outside of the cgi-bin ?
    Why doesn't the server place this link at account creation time if it's necessary and userdir has been enabled?
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Is there a particular reason for using a shared SSL certificate with Apache's Mod_Userdir? There are a few compatibility concerns with Apache Mod_Userdir that are not a concern when installing a certificate on an individual domain name. Documentation on this is found at:

    Apache mod_userdir Tweak - Documentation - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    115
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    The reason is hundreds of legacy clients who have been using shared cert to protect their contact forms and the like for years .... It was *OUR* decision to shut down an older server with a competing panel and migrate the accounts to a cpanel server. We're not about to force all those clients to purchase SSL, nor to cover that expense ourselves.

    Let's Encrypt can't be integrated soon enough. ;)

    We've since found under the shared SSL that DirectoryIndex is not working either... in case it helps diagnose in case it's related?
    https://server.domain.tld/~userdir/ <-- "not found"
    https://server.domain.tld/~userdir/index.php <!-- works if you specify the actual page
    https://server.domain.tld/~anotheruserdir/ <-- "not found"
    https://server.domain.tld/~anotheruserdir/index.html <!-- works if you specify the actual page

    Verified, there is indeed a myriad of pagenames specified including index.php and index.html
     
    #3 ottdev, Mar 13, 2016
    Last edited: Mar 13, 2016
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    115
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    suphp and suexec
    The CGI scripts have 755 else they wouldn't work for the domain proper.
    It seems we can easily fix this by creating symbolic links like
    /usr/local/apache/htdocs/cathyweb -> /home/cathyweb/public_html

    Yet it seems like it is an incorrect configuration rather than missing links since calling pages outside of the cgi-bin works perfectly fine without such a link.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice