SSL access to webmail.domain does not work

Luana Premoli

Well-Known Member
Oct 3, 2016
68
7
8
São Paulo/Brazil
cPanel Access Level
Root Administrator
Hi,

We have multiple servers with EA4 where clients can not log in to webmail.domain when using https: // in the URL, but access without https: // is normally done.

Code:
[[email protected] ~]# [[ -f /etc/cpanel/ea4/is_ea4 ]] && echo "This box uses EA4" || echo "This box uses EA3"
This box uses EA4
[[email protected] ~]#
[[email protected] ~]# httpd -v
Server version: Apache/2.4.38 (cPanel)
Server built:   Jan 30 2019 02:20:05
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# grep '' /usr/local/cpanel/version
11.70.0.66
[[email protected] ~]#
[[email protected] ~]# exim --version
Exim version 4.91 #1 built 11-May-2018 09:49:25
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 4.7.25: (September 12, 2013)


Code:
- Removed -

Some domains show:

- Removed -


Apache Server at webmail.example.com Port 443





Code:
 - Removed -


Other domains are redirected to the site:


- Removed -


Thanks

Moderator note, please review:
Guide To Opening An Effective Forums Thread
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I was informed that webmail.domain will not work because support for nginx in EA4 has been removed.

Is that correct?
Hello @Luana Premoli,

Nginx is not something that's been supported in the past. Are you using it as part of a specific third-party plugin?

Thank you.
 

Luana Premoli

Well-Known Member
Oct 3, 2016
68
7
8
São Paulo/Brazil
cPanel Access Level
Root Administrator
I checked with the responsible staff, and it was installed from the outside.

Could you explain the step by step default settings so that access to https: //webmail.domain works normally?


Currently only http: //webmail.domain works.

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463

Luana Premoli

Well-Known Member
Oct 3, 2016
68
7
8
São Paulo/Brazil
cPanel Access Level
Root Administrator
Hi,


Nginx has already been removed ... and this is the reason we have the problem accessing the address https: //webmail.domain
.
We must have some misconfiguration and I'm not finding out what it is.

Can you tell me which files I have to check, and a correct configuration template so I can compare?

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello @Luana Premoli,

Can you open a support ticket so we can take a closer look at your system to see why it's not working? You can post the ticket number here and we'll link this thread to it.

Thank you.
 

Luana Premoli

Well-Known Member
Oct 3, 2016
68
7
8
São Paulo/Brazil
cPanel Access Level
Root Administrator
Hi,

We have identified that in virtualHost of port 443 has the webmail and cpanel entries, but virtualHost of port 80 does not have.


When we removed the entry from virtualHost at 443 access to the https://webmail.domain address was done correctly.

The question is:

1. Has the virtual host format changed from EA3 to EA4?
2. How to fix for the whole server because it is server shared and has more than 500 sites.

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello @Luana Premoli,

The behavior you reported is not reproducible on a standard environment, so access to the system is needed to provide you with accurate advice. Are you able to open a support ticket so we can see the exact change you made and verify how the system is configured?

Thank you.
 

Luana Premoli

Well-Known Member
Oct 3, 2016
68
7
8
São Paulo/Brazil
cPanel Access Level
Root Administrator
The actual issue it seems is that we are missing stuff from our ssl_vhost.local template. It doesn't have the following code block.

Code:
[%- IF proxysubdomains && vhost.proxy_subdomains && supported.mod_proxy && supported.mod_rewrite && vhost.proxy_subdomains.size %]
    <IfModule headers_module>
    RequestHeader set X-HTTPS 1
    </IfModule>    RewriteEngine On
    [%- FOR label__zones = vhost.proxy_subdomains %]
        [%- FOR basezone = label__zones.value %]
            RewriteCond %{HTTP_HOST} =[% label__zones.key %].[% basezone %] [OR]
            RewriteCond %{HTTP_HOST} =[% label__zones.key %].[% basezone %]:[% vhost.port %][% !loop.last && ' [OR]' %]
        [%- END %]
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]        [% proxy_subdomain_redirect_rule(label__zones.key) %]
    [%- END %]    [%- FOR label__zones = vhost.proxy_subdomains %]
        [%- ws_redirect = proxy_subdomain_websocket_redirect_rule_if_exists(label__zones.key) %]
        [%- IF ws_redirect %]
            RewriteCond %{HTTP:Upgrade} websocket   [nocase]
            [%- FOR basezone = label__zones.value %]
                RewriteCond %{HTTP_HOST} =[% label__zones.key %].[% basezone %] [OR]
                RewriteCond %{HTTP_HOST} =[% label__zones.key %].[% basezone %]:[% vhost.port %][% !loop.last && ' [OR]' %]
            [%- END %]            [% ws_redirect %]
        [%- END %]
    [%- END %]
[%- END %]

Without those directives those requests do not get passed back to cPanel.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Without those directives those requests do not get passed back to cPanel.
If you're no longer using Nginx and you no longer need custom modifications to the default Apache virtual host templates, then you can remove the ssl_vhost.local file and rebuild the Apache configuration file with the following command:

Code:
/scripts/rebuildhttpdconf
This will ensure the default Apache virtual host configuration templates are utilized.

Thank you.