Jump to content

System Health Status - Website SSL Warning

caisc

By caisc
in Using WHMCS

 Share

Recommended Posts

caisc Member

caisc

Posted
Posted

Hi,

 

At this location in WHMCS admin area - System Health Status

 

Whmcs is showing me warning -

 

Website SSL

SSL is not configured for http://www.whmcsdomain.com/clients, which means that connections are not encrypted and passwords may be sent in plaintext. This will prevent some features, such as OpenID Connect, from functioning. This may also affect your ability to receive PCI or other accreditation.

 

 

My domain is using SSL and this URL is also protected http://www.whmcsdomain.com/clients, so why whmcs is showing false positive.

 

Thanks

0
Link to comment
Share on other sites
itoverblik Junior Member

itoverblik

Posted
Posted

Hi Caisc

 

I had some similar issues with my installation, but I weren't aware until the last day where I got it fixed.

It took 3 weeks and a lot of testing to locate the issue I had.

In short I started receiving FCGID and CGI timeouts when accessing the WHMCS admin page and the Apache error log was flooded with gateway timeouts.

I thought it was the host I was located on, the same did WHMCS, so we started changing a lot of stuff.

After some more digging and a lot of tests I noticed that the timeout was only when accessing the WHMCS dashboard or the system health status page.

When I deactivated the system health widget wihtin the user roles I had no issues.

So I starting focusing on that module / widget, WHMCS did not have any real fix for this so I kept going doing my own tests.

After 3 weeks with FW logs, HTTP and HTTPS calls from the server I found out that the timeout was only present when I had setup the WHMCS system URL in general settings to https://

There was no issues with the system health widget when using normal http://

 

To end a long story here, the issue was related to my server being behind a NAT FireWall rule, so the public IP 2.2.2.2 was NAT'ed to the DMZ IP 192.0.0.2 on the inside and when WHMCS was doing the HTTPS test it actually do a curl (or similar) test towards the URL you have typed in the WHMCS System URL.

But when the server is behind a NAT rule, the source and destination is the same IP and the FW will not allow that, so it kills the session / request.

To fix this you can either setup a hosts file on the server with the WHMCS System URL to point to the DMZ IP so it wont leave the FW when doing the test or the FW should be setup using DNS rewrite so it automatically change the public IP request to the server's internal DMZ IP.

 

It's a little techie this one, but just a notice about the issues I had and how I solved my issue.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept