SSL access to webmail.domain does not work

[Luana Premoli]

Hi,

We have multiple servers with EA4 where clients can not log in to webmail.domain when using https: // in the URL, but access without https: // is normally done.

[[email protected] ~]# [[ -f /etc/cpanel/ea4/is_ea4 ]] && echo "This box uses EA4" || echo "This box uses EA3"
This box uses EA4
[[email protected] ~]#
[[email protected] ~]# httpd -v
Server version: Apache/2.4.38 (cPanel)
Server built:   Jan 30 2019 02:20:05
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# grep '' /usr/local/cpanel/version
11.70.0.66
[[email protected] ~]#
[[email protected] ~]# exim --version
Exim version 4.91 #1 built 11-May-2018 09:49:25
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 4.7.25: (September 12, 2013)

- Removed -

Some domains show:

- Removed -


Apache Server at webmail.example.com Port 443

 - Removed -

Other domains are redirected to the site:


- Removed -


Thanks

Moderator note, please review:
Guide To Opening An Effective Forums Thread

 

[Luana Premoli]

Hi,

I was informed that webmail.domain will not work because support for nginx in EA4 has been removed.

Is that correct?

Thanks

 

[cPanelMichael]

I was informed that webmail.domain will not work because support for nginx in EA4 has been removed.

Is that correct?

Hello @Luana Premoli,

Nginx is not something that's been supported in the past. Are you using it as part of a specific third-party plugin?

Thank you.

 

[Luana Premoli]

I checked with the responsible staff, and it was installed from the outside.

Could you explain the step by step default settings so that access to https: //webmail.domain works normally?


Currently only http: //webmail.domain works.

Thanks

 

[cPanelMichael]

Could you explain the step by step default settings so that access to https: //webmail.domain works normally?

Hello @Luana Premoli,

Service Subdomains open with the "https" URL by default with Apache. You can read about how this works at:

Service Subdomains Explanation - cPanel Knowledge Base - cPanel Documentation

I recommend converting back to Apache if the issue with third-party Nginx plugin is not solvable.

Thank you.

 

[Luana Premoli]

Hi,


Nginx has already been removed ... and this is the reason we have the problem accessing the address https: //webmail.domain
.
We must have some misconfiguration and I'm not finding out what it is.

Can you tell me which files I have to check, and a correct configuration template so I can compare?

Thanks

 

[cPanelMichael]

Hello @Luana Premoli,

Can you open a support ticket so we can take a closer look at your system to see why it's not working? You can post the ticket number here and we'll link this thread to it.

Thank you.

 

[Luana Premoli]

Hi,

We have identified that in virtualHost of port 443 has the webmail and cpanel entries, but virtualHost of port 80 does not have.


When we removed the entry from virtualHost at 443 access to the https://webmail.domain address was done correctly.

The question is:

1. Has the virtual host format changed from EA3 to EA4?
2. How to fix for the whole server because it is server shared and has more than 500 sites.

Thanks

 

[cPanelMichael]

Hello @Luana Premoli,

The behavior you reported is not reproducible on a standard environment, so access to the system is needed to provide you with accurate advice. Are you able to open a support ticket so we can see the exact change you made and verify how the system is configured?

Thank you.

 

[Luana Premoli]

The actual issue it seems is that we are missing stuff from our ssl_vhost.local template. It doesn't have the following code block.

[%- IF proxysubdomains && vhost.proxy_subdomains && supported.mod_proxy && supported.mod_rewrite && vhost.proxy_subdomains.size %]
    <IfModule headers_module>
    RequestHeader set X-HTTPS 1
    </IfModule>    RewriteEngine On
    [%- FOR label__zones = vhost.proxy_subdomains %]
        [%- FOR basezone = label__zones.value %]
            RewriteCond %{HTTP_HOST} =[% label__zones.key %].[% basezone %] [OR]
            RewriteCond %{HTTP_HOST} =[% label__zones.key %].[% basezone %]:[% vhost.port %][% !loop.last && ' [OR]' %]
        [%- END %]
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]        [% proxy_subdomain_redirect_rule(label__zones.key) %]
    [%- END %]    [%- FOR label__zones = vhost.proxy_subdomains %]
        [%- ws_redirect = proxy_subdomain_websocket_redirect_rule_if_exists(label__zones.key) %]
        [%- IF ws_redirect %]
            RewriteCond %{HTTP:Upgrade} websocket   [nocase]
            [%- FOR basezone = label__zones.value %]
                RewriteCond %{HTTP_HOST} =[% label__zones.key %].[% basezone %] [OR]
                RewriteCond %{HTTP_HOST} =[% label__zones.key %].[% basezone %]:[% vhost.port %][% !loop.last && ' [OR]' %]
            [%- END %]            [% ws_redirect %]
        [%- END %]
    [%- END %]
[%- END %]

Without those directives those requests do not get passed back to cPanel.

 

[cPanelMichael]

Without those directives those requests do not get passed back to cPanel.

If you're no longer using Nginx and you no longer need custom modifications to the default Apache virtual host templates, then you can remove the ssl_vhost.local file and rebuild the Apache configuration file with the following command:

/scripts/rebuildhttpdconf

This will ensure the default Apache virtual host configuration templates are utilized.

Thank you.