Strange SSL problem


Kilian
10-07-2005, 05:44 AM
I've got DA setup to use SSL (SSL=1).
I've also used my Thawte Certificate for that.
I can login to DA on https://secure.vermaelen.be:2222
And also https://secure.vermaelen.be is using the same Cert.
Works fine.

However, if I link from a page on port 2222 to another page on my normal secure site, things go wrong.

If I click WEBMAIL on my DA panel, my browser goes to https://secure.vermaelen.be/squirrelmail and I get the error PAGE NOT FOUND.

If I open a new browser and go to the same url it works fine.
Even stranger. If I hit refresh from the error page, it works fine !!

I made a custom login page: https://secure.vermaelen.be/nl/login.html
Works fine. But if I log out or I enter a wrong password trying to login, things go wrong. Again PAGE NOT FOUND

In the custom login page I link to https://secure.vermaelen.be/nl/loginerror.html if there's an error and to https://secure.vermaelen.be/nl/logout.html as logout page.

Hitting refresh won't work now; instead I get the default error page or default logout page from DA. If I open a new browser and enter those URLs manually, they work fine.

I'm puzzled. :confused:
Any ideas??

jlasman
10-07-2005, 04:08 PM
It appears that DA isn't using the same URL that you are.

What URL appears in the browser when you try the link from DA that causes the error?

Jeff

Kilian
10-08-2005, 07:09 AM
Originally posted by jlasman
What URL appears in the browser when you try the link from DA that causes the error?

What do you mean?

When I'm logged into DA this is the URL in my browser:
https://secure.vermaelen.be:2222/

Then I click on WEBMAIL and a new window opens with the url:
https://secure.vermaelen.be/squirrelmail
But I get the error "De pagina kan niet worden weergegeven.".
Translated into English: "The page cannot be displayed."
In that same window I hit REFRESH and bingo, Squirrelmail appears.

Even stranger: I close that window and hit WEBMAIL again.
Squirrelmail opens in a new window as it should.
I close that window and go to another page in DA, and then hit WEBMAIL. Result: The Page cannot be displayed. Refresh and Squirrelmail is there again.

I think it might be a DNS problem as there are no error messages in the apache error logs. I'm currently migrating from my old server to my new DA server and DNS is still running on the old server. Maybe that's the problem.

Someone told me, if you open 2 websites on a different port with the same certificate that always gives trouble. Any experience with that??

jlasman
10-08-2005, 04:00 PM
Secure Certificates work by IP# and by port#, and compare the name you used to find the IP# and compare it with the name in the Certificate to see if they should issue a name mismatch error.

For your cert to work on port 2222 and for squirrelmail (which runs on the standard httpd secure port, 443), it would have to be installed twice. We do that when we install shared server certs.

I don't know why the first time doesn't work and a refresh does. If you got the Certificate from us please contact us by email and we'll investigate. Otherwise you might want to ask your Certificate provider to look for you.

Jeff

Kilian
10-09-2005, 01:58 AM
For your cert to work on port 2222 and for squirrelmail (which runs on the standard httpd secure port, 443), it would have to be installed twice.
I installed my Thawte Certificate as you explained here:
http://www.directadmin.com/forum/showthread.php?threadid=3816

Is there something wrong with that way of installation?
Do I have to copy the Certificate and install it in 2 different directories?

jlasman
10-09-2005, 02:13 AM
The information in that thread should probably work.

I have no idea why it's not working in your browser.

:(

Is it working for other people using Squirrelmail on your server?

Jeff

Webcart
10-10-2005, 03:04 PM
Originally posted by Kilian
Then I click on WEBMAIL and a new window opens with the url:
https://secure.vermaelen.be/squirrelmail
But I get the error "De pagina kan niet worden weergegeven.".
Translated into English: "The page cannot be displayed."
In that same window I hit REFRESH and bingo, Squirrelmail appears.

...

I think it might be a DNS problem as there are no error messages in the apache error logs. I'm currently migrating from my old server to my new DA server and DNS is still running on the old server. Maybe that's the problem.


I think it's not a DNS problem but rather a trailing slash problem :)
Try this link: https://secure.vermaelen.be/squirrelmail/
If you need it working without the trailing slash, use the Alias Apache directive.

Conrad
10-10-2005, 03:20 PM
I have exactly the same problem when using ssl.

When I log in and hit the webmail button, I get a page not found error. When I hit F5 it does show the webmail login page.

Same for the button Files.

I didn't find the solution so temporarily I changed the URLs of those two buttons to http://

I know this is not very secure so I hope someone finds the solution.

Kilian
11-04-2005, 05:54 AM
Hey,
I stumbled onto a big difference between IE and FireFox or Opera.

The problem with SSL as we were discussing above, seems to be limited to Internet Explorer. I tried it in FireFox and no problem there. Everything works fine. I also tried it in Opera and no problem at all !!

Damn Bill Gates !! :mad:

nieuwhier
12-08-2005, 02:12 AM
Hi there!

I have exactly the same problem on several servers. I also discovered that Firefox has no problems with it and IE does.

But since the majority is using IE (not me!) I do need an answer.

I want to upload files with https and the problem then gets bigger, reproducible.

Anyone ?

nieuwhier
12-08-2005, 03:31 AM
Found the problem in IE.

When you switch off SSL 3.0 in the IE settings the 'page not found' error is gone.

Next thing is to discover how to solve this on the server side.

nieuwhier
12-08-2005, 07:13 AM
I installed the newest OPENSSL but that did not help.

Since I need to continue with my other work I made a work-around in the httpd.conf, in the mod_ssl section.

Just add the following and restart the httpd service, close all your browsers and you will see that SSL2.0 is used instead of 3.0. And this works for me now!!!!

SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
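
Added example (not part of nieuwhier's post or of DirectAdmin's own tooling): the two directives above leave SSLv2 as the only enabled protocol and keep the LOW and EXP cipher classes, and SSLv2 is prohibited by RFC 6176, so a defender reviewing httpd.conf files for this kind of leftover workaround can flag it with a small audit like the one below. The expansion of "all", the weak-token list and the STRICT sample are assumptions of this example, and the cipher check is a token-level heuristic rather than a full OpenSSL cipher-list evaluation.

```python
import re

# Assumption: what "all" expands to on a mod_ssl build of this thread's era.
ALL_PROTOCOLS = {"sslv2", "sslv3", "tlsv1"}
WEAK_PROTOCOLS = {"sslv2", "sslv3"}
# OpenSSL cipher-string classes that select export-grade, weak or unauthenticated suites.
WEAK_CIPHER_TOKENS = {"sslv2", "low", "exp", "export", "export40", "export56",
                      "null", "enull", "anull", "adh"}
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", re.IGNORECASE)


def enabled_protocols(args):
    """Apply SSLProtocol's left-to-right +/- semantics; return the enabled set."""
    enabled = set()
    for token in args.split():
        name = token.lstrip("+-").lower()
        names = set(ALL_PROTOCOLS) if name == "all" else {name}
        if token.startswith("-"):
            enabled -= names
        elif token.startswith("+"):
            enabled |= names
        else:
            enabled = names  # a bare token replaces everything before it
    return enabled


def weak_cipher_tokens(spec):
    """Token-level heuristic: weak classes named without a '!' or '-' exclusion."""
    names = [t.lstrip("+").lower() for t in re.split(r"[:, ]+", spec)
             if t and t[0] not in "!-"]
    return [n for n in names if n in WEAK_CIPHER_TOKENS]


def audit(config_text):
    """Return (line_number, directive, weak_items) for each weak TLS setting."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        if m.group(1).lower() == "sslprotocol":
            weak = sorted(enabled_protocols(m.group(2)) & WEAK_PROTOCOLS)
        else:
            weak = weak_cipher_tokens(m.group(2))
        if weak:
            findings.append((lineno, m.group(1), weak))
    return findings


# Constructed samples: the workaround as posted, then a stricter pair for contrast.
SAMPLE = "<IfModule mod_ssl.c>\nSSLLogLevel error\nSSLProtocol -all +SSLv2\n" \
         "SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP\n</IfModule>\n"
STRICT = "SSLProtocol all -SSLv2 -SSLv3\nSSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE) + audit(STRICT):
        print(finding)
```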

Kilian
12-08-2005, 08:53 AM
Hi,

Great solution, but I keep reading warnings left and right not to edit httpd.conf manually.
DA is likely to overwrite those custom lines at the next update.

I tried adding those lines in the custom httpd section under extra features in DA, but that did not work.

Anyone any ideas on how to implement the above workaround in such a way it won't be overwritten? :confused:

Webcart
12-08-2005, 09:45 AM
Originally posted by Kilian

I tried adding those lines in the custom httpd section under extra features in DA, but that did not work.

Could you be more specific?

First, what exactly did you do (step by step)?
Second, how did you find out it didn't work?
Third, did you check user config files to make sure custom template changes were applied?
And lastly, did you restart Apache after checking user config files?

DirectAdmin Support
12-08-2005, 10:08 AM
Hello,

The mod_ssl section is in the /etc/httpd/conf/httpd.conf.
This file is safe to edit as you need; you will not lose your changes. Find the following line: <VirtualHost _default_:443> and add the additions shortly after it (that's the mod_ssl section).

John

nieuwhier
12-08-2005, 10:18 AM
Hi John,

I thought I tested that (not sure anymore, I tested so much ;-)) but it didn't work on that position in the httpd.conf.

So I put it in the httpd.conf in the <IfModule mod_ssl.c> section right after SSLLogLevel error.

Greetings,
Michel.

DirectAdmin Support
12-08-2005, 10:20 AM
Ok, thanks for the clarification! ;)

John

Kilian
12-08-2005, 01:40 PM
Originally posted by nieuwhier
So I put it in the httpd.conf in the <IfModule mod_ssl.c> section right after SSLLogLevel error.
So, I did place it right there.
Closed all IE windows.
Restarted httpd service.
and ...

NOTHING HAPPENED !!! :confused:

Anymore ideas ?? Anyone ??

nieuwhier
12-08-2005, 03:20 PM
That's weird. I did install the latest OPENSSL version.

I'll check my settings again for you tomorrow.

nieuwhier
12-09-2005, 12:12 AM
/etc/httpd/conf/httpd.conf is the only place where I put the changes.

Are you sure you closed all your IE screens? Perhaps clearing the cache would help also.

As you probably know ;-) checking which SSL is used can be done by right-clicking the page and choosing properties.

nieuwhier
12-12-2005, 01:19 PM
ATTENTION:

When you install a new version of SSL you also should install a new version of wget.

Very strange but wget stops working for local SSL sites. The newest version solves this.

http://www.linuxfromscratch.org/blfs/view/stable/basicnet/wget.html

pucky
10-31-2006, 07:16 AM
Bill Gates, IE and incompatibility or not, this issue REALLY needs to be addressed by the software authors DA.

It is the responsibility of the software author to make sure that if there is a browser issue that a work around be provided and not left to fester.

Excuse me, but when the users on the Kayako forums reported issues under different browsers, Kayako provided a work around to resolve the problem and people were screaming about the issues with loading Kayako's admin panel under different panels.

According to Urchin on our boxes, IE users outnumber Firefox and Opera users 2 to 1. And these are people visiting our site. This issue cannot be left alone.

Has anyone submitted a bug report?

On the admin and reseller menu the webmail link breaks one option but under the user level it breaks 3. This is enough of a problem to warrant a fix or work around by DA in my opinion.

Possibly the removal of the big webmail link would suffice. Or, the issue may resolve if instead of a link the icon could open another page with both webmail links provided.

This is the job of DA. They need to fix this issue and I'm not about to tell my users to click on the webmail link and then to click on the REFRESH button to retrieve the application.

Kilian
10-31-2006, 07:55 AM
Originally posted by pucky
This is the job of DA. They need to fix this issue and I'm not about to tell my users to click on the webmail link and then to click on the REFRESH button to retrieve the application.

You're absolutely right !!
But when I first reported this issue, they didn't do anything about it. I've tried several times, but no luck.
DA will not try to solve it. (Or they're incapable of it and are afraid to admit this.) :eek:

pucky
10-31-2006, 08:21 AM
Why aren't there more people asking for this issue to be fixed?

We should not be told to SHUT UP and deal with it!! It should be fixed. If you're using the Alias directive in httpd.conf and it's not working then a better alternative should be provided.

Even cpanel uses Alias for Squirrelmail. The only difference is Squirrelmail is setup, not under /var/www/html, but under /usr/local/cpanel/3rdparty/Squirrelmail and Apache does not have a problem with this solution. And it works flawlessly under SSL so you can't tell me that IE has a problem with Alias under httpd.conf because it works under cpanel and the basic setup concept is identical with the exception of the location of Squirrelmail and the permissions.

.......but this does not solve the issue. I don't care what anyone says. It's DA's responsibility to fix this.

Excuse me, but when the users on the Kayako forums reported issues under different browsers, Kayako provided a work around to resolve the problem and people were screaming about the issues with loading Kayako's admin panel under different panels.

Same issue, when users complained of browser issues under;

Iono
vbulletin
cpanel
plesk
Ensim
Kayako
Modernbill

etc

All were resolved promptly!!!!!!!!!!!

Don't tell me to shut up and deal with it! I'm paying good money for my licenses and I expect software that works, browser issues or not! :rolleyes:

Webcart
10-31-2006, 11:09 AM
Pucky,

Just to set the record straight, I don't recall anyone telling you to shut up, so your entire post looks rather confusing to say the least. You might want to edit it for the sake of correctness, clarity and should I say, good manners. I do believe it might contribute a great deal to this discussion :)

It's my understanding that the SSL problem being discussed here isn't something related to DirectAdmin specifically and it can be fixed by reconfiguring Apache.
Would it be nice to have the fix included into default DA configuration? Sure. But the fact is - it's not included now, so your options here are:
1. to fix it on your own
2. to hire someone who can fix it for you and
3. to submit this as a bug report or feature request to DA team and to work with them so they include it into their default Apache configuration.

I assume that other people chose either (1) or (2) as they felt it would most benefit their own clients and therefore there are not that many requests to get this issue addressed by DA team.

I hope this post clarifies your questions above and good luck with any path you might choose :)

Kilian
10-31-2006, 11:37 AM
Originally posted by pucky
The SHUT UP and deal with it issue is in regards to DirectAdmin Support who told Kilian that they WOULD NOT fix this issue after he reported it to DA Support.

In other words, they are being very unprofessional in their reply. What do you mean by "we won't fix it!"
They didn't literally tell me they will not fix it, they just don't do it.
Just to be correct.

pucky
10-31-2006, 12:06 PM
Rest assured, I am writing my own redirect code and when it's done it won't be shared.

It's a pity that I had to revert to writing code to fix the problem.

pucky
11-02-2006, 02:22 PM
Need I also mention that phpmyadmin displays the same 404 page not found.

Make that 4 links now. 4 links in the users control panel that fail if you enable SSL.

This is amazing!!! :rolleyes: And no solutions? I can't believe that everyone has this working. They are either oblivious to the truth or nobody is running their control panels using SSL.

What a lame solution to an obvious problem.

Webcart
11-02-2006, 02:36 PM
Originally posted by pucky
Need I also mention that phpmyadmin displays the same 404 page not found.

Make that 4 links now. 4 links in the users control panel that fail if you enable SSL.

This is amazing!!! :rolleyes: And no solutions? I can't believe that everyone has this working. They are either oblivious to the truth or nobody is running their control panels using SSL.

What a lame solution to an obvious problem.

Once again, this has nothing to do with the links in DA control panel. If you are experiencing this problem then ANY secure link on your server (linked from the control panel or not) might occasionally generate 'page can not be displayed' error.

I am sure any experienced sys admin has it working right, if you are unable to fix this on your own, there are still options (2) and (3) in my earlier post available for you.

Good luck.

pucky
11-02-2006, 03:52 PM
Originally posted by Webcart
Once again, this has nothing to do with the links in DA control panel. If you are experiencing this problem then ANY secure link on your server (linked from the control panel or not) might occasionally generate 'page can not be displayed' error.

I am sure any experienced sys admin has it working right, if you are unable to fix this on your own, there are still options (2) and (3) in my earlier post available for you.

Good luck.

Thanks for assuming once again. I have 8yrs in Unix and have worked on countless servers in the past as a consultant. I don't need educating, but thanks for the suggestion.

Now that you know about that, I can tell you that SSL enabled SSL=1, returns pages not found on 4 links in the control panel UNDER IE. They all happen to be the ALIASes pointing to /var/www/html/. This includes all the webmail and phpmyadmin. That is 4 of them. All other links work fine with this exception.

When you click on those links a 404 page not found is returned under IE. When you refresh the browser they come to life. If this is a browser incompatibility, then providing an alternate other than dumping 3rd party software to /var/www/html or to a custom directory where this issue does not rear its ugly head, is in order.

Webcart
11-02-2006, 04:12 PM
Originally posted by pucky
Thanks for assuming once again. I have 8yrs in Unix and have worked on countless servers in the past as a consultant. I don't need educating, but thanks for the suggestion.

8 years of experience or not, you apparently can't fix this on your own. More than that, based on your posts above you don't seem to have an understanding of where the problem is and why it happens.

You might not need "educating", but you do need some help don't you?

pucky
11-02-2006, 04:29 PM
Originally posted by Webcart
8 years of experience or not, you apparently can't fix this on your own. More than that, based on your posts above you don't seem to have an understanding of where the problem is and why it happens.

You might not need "educating", but you do need some help don't you?

I can't control the messed up link solutions provided by DA. That's not under my control. Has nothing to do with me. Show me a solution to this problem? Everyone who has reported it still reverts to putting up with the issue but they certainly do not have this problem resolved. And I can't believe anyone else does. If it's working for them, it's because they are using Opera or Firefox but the solution to get this working under IE is unresolved! I would be happy to test your installation. I can guarantee that I can get you a screen shot of your own charred installation under IE.

So before you froth at the mouth and try to offer wise words of wisdom instead of offering a solution, make sure your own installation works as expected.

pucky
11-03-2006, 08:44 AM
I'm still waiting, Webcart. Waiting for a demo link to your control panel so that I can prove to you that your own installation is a problem under SSL. I can't wait.