Old 07-29-2018, 06:01 PM   #1
Question SSL Roundcube / phpMyAdmin & www-root


I have a few questions about ISPmanager.

1. (Solved) When I request a certificate for the control panel (Let's Encrypt), it is not used by phpMyAdmin and Roundcube. I receive a 'random' certificate from a hosted website. The solution is now to create a new www-domain with the same domain name and Let's Encrypt.

Addition: The workaround (www-domain for roundcube/phpmyadmin) provides the following results on ssllabs.com after scanning "customer domain names."
Certificate #1: RSA 2048 bits (SHA256withRSA)
Everything = correct.

Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI
Alternative names ispmgrcp.url.com MISMATCH

What is the best solution for Roundcube and phpMyAdmin without this workaround? I don't like the 'mismatch' error.

Update 30-07-2018:

What I did to fix the error:
1. Add ispurl.domain.com to www-domains.
2. Do not enable SSL/Let's Encrypt to prevent issues with SSL Labs!
3. Only virtualhost 80 is present in apache/nginx.
3. Add the following code to nginx.conf to fix the SNI/Cert errors:
server {
        server_name ispurl.domain.com ;
        ssl on;
        ssl_certificate "/usr/local/mgr5/etc/manager.crt";
        ssl_certificate_key "/usr/local/mgr5/etc/manager.key";
        ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        add_header Strict-Transport-Security "max-age=31536000;";
        ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
        charset off;
        disable_symlinks if_not_owner from=$root_path;
        include /etc/nginx/vhosts-includes/*.conf;
        include /etc/nginx/vhosts-resources/ispurl.domain.com/*.conf;
        access_log /var/www/httpd-logs/ispurl.domain.com.access.log;
        error_log /var/www/httpd-logs/ispurl.domain.com.error.log notice;
        ssi on;
        set $root_path /var/www/user/data/www/ispurl.domain.com;
        root $root_path;
        # no address:port is given for this listen line in the post
        listen http2;
        location / {
                location ~ [^/]\.ph(p\d*|tml)$ {
                        try_files /does_not_exists @fallback;
                }
                location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
                        try_files $uri $uri/ @fallback;
                }
                location / {
                        try_files /does_not_exists @fallback;
                }
        }
        location @fallback {
                # no proxy_pass target or proxy_redirect source is given in the post
                proxy_redirect /;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                access_log off;
        }
}
4. Problem solved.
5. The SNI / Wrong certificate message is still there when scanning ispurl.domain.com. The problem is reversed. I get the error with customer certificates when scanning ispurl.domain.com. Problem has been solved for customer domain scans.
'Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI'

2. During the test, I saw the www-root account in the control panel. What is the default password for this account or can I find this in the logging?

@Admins do you want to enable SSL everywhere by default in the next update? Think of Roundcube / phpMyAdmin?

Thank you in advance.

Last edited by TomvB; 07-30-2018 at 07:51 PM.
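
Added example, not part of the original post: a check that reproduces the "No SNI ... MISMATCH" finding above by comparing the certificate a server presents with and without SNI against the hostname being tested. The function names, the `customer.example` hostname, the 192.0.2.10 address and the certificate dictionaries are constructed for illustration; `fetch_cert` is the part that would talk to a real server.

```python
import socket
import ssl

def san_names(cert):
    """DNS entries from the dict returned by SSLSocket.getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(host, pattern):
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers exactly one left-most label.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def classify(host, cert):
    ok = any(name_matches(host, n) for n in san_names(cert))
    return "match" if ok else "MISMATCH"

def fetch_cert(addr, sni=None, port=443):
    """Handshake with or without SNI; raises if the chain is untrusted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared in classify() instead
    with socket.create_connection((addr, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()

def report(addr, host, fetch=fetch_cert):
    """Compare the SNI and no-SNI certificates against one hostname."""
    return {"sni": classify(host, fetch(addr, sni=host)),
            "no_sni": classify(host, fetch(addr, sni=None))}

# Constructed sample data (not real certificates): the server picks the
# customer certificate by SNI and falls back to the panel certificate.
CONSTRUCTED = {
    "customer.example": {"subjectAltName": (("DNS", "customer.example"),
                                            ("DNS", "www.customer.example"))},
    None: {"subjectAltName": (("DNS", "ispmgrcp.url.com"),)},
}

def constructed_fetch(addr, sni=None, port=443):
    # Unknown names get the default (no-SNI) certificate, as a server would do.
    return CONSTRUCTED.get(sni, CONSTRUCTED[None])

if __name__ == "__main__":
    print(report("192.0.2.10", "customer.example", fetch=constructed_fetch))
```

Calling `report(addr, host)` without the `fetch` argument performs the two real handshakes against `addr`.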