The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server-wide cert not working for cgi-bin

Discussion in 'Security' started by ottdev, Mar 2, 2016.

  1. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    63
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    What could be missing?
    We get "not found" when attempting to use a perl script loaded in an account's cgi-bin under the "shared" ssl.

    http://clientdomain.tld/cgi-bin/script.pl <-- works
    https://server.domain.tld/~userdir/cgi-bin/script.pl <-- "not found"

    https://server.domain.tld/~userdir/page.html <-- works
    so we know the userdir aspect is set up ok.

    Here's the error:
    Is it looking for a symbolic link 'cathyweb' to be in the /usr/local/apache/htdocs folder?
    How is it working then anyway for pages outside of the cgi-bin ?
    Why doesn't the server place this link at account creation time if it's necessary and userdir has been enabled?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Is there a particular reason for using a shared SSL certificate with Apache's Mod_Userdir? There are a few compatibility concerns with Apache Mod_Userdir that are not a concern when installing a certificate on an individual domain name. Documentation on this is found at:

    Apache mod_userdir Tweak - Documentation - cPanel Documentation

    Thank you.
     
  3. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    63
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    The reason is hundreds of legacy clients who have been using shared cert to protect their contact forms and the like for years .... It was *OUR* decision to shut down an older server with a competing panel and migrate the accounts to a cpanel server. We're not about to force all those clients to purchase SSL, nor to cover that expense ourselves.

    Let's Encrypt can't be integrated soon enough. ;)

    We've since found under the shared SSL that DirectoryIndex is not working either... in case it helps diagnose in case it's related?
    https://server.domain.tld/~userdir/ <-- "not found"
    https://server.domain.tld/~userdir/index.php <!-- works if you specify the actual page
    https://server.domain.tld/~anotheruserdir/ <-- "not found"
    https://server.domain.tld/~anotheruserdir/index.html <!-- works if you specify the actual page

    Verified, there is indeed a myriad of pagenames specified including index.php and index.html
     
    #3 ottdev, Mar 13, 2016
    Last edited: Mar 13, 2016
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    63
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    suphp and suexec
    The CGI scripts have 755 else they wouldn't work for the domain proper.
    It seems we can easily fix this by creating symbolic links like
    /usr/local/apache/htdocs/cathyweb -> /home/cathyweb/public_html

    Yet it seems like it is an incorrect configuration rather than missing links since calling pages outside of the cgi-bin works perfectly fine without such a link.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page