cPanel redirect to /cgi-sys/defaultwebpage.cgi when enforcing HTTPS

Hello, I recently began working with a domain purchased from Namecheap.

I have a couple other domains which are attached as Addon Domains to a shared hosting account operated via cPanel. For both of these other domains, what I had done was setup a Cloudflare site and set an A Record pointing to the IP address of the shared web server. I then used to set up Page Rules for asterisk(dot)domain(dot)extension/asterisk and domain(dot)extension/asterisk. I would set both to “Always use HTTPs”.

However, when I come to do this for my new domain (https://vybex.xyz), the moment I enable the force HTTPs Page Rules, I get the cPanel page headed “Default Web Site Page”. Please find a screenshot of the page here at the top of the linked imgur.

I also used to run into errors with some obscure cPanel 404 page. I’ve never seen this before, and this has never been an issue until now. The port fluctuates between 443 and 80. An example of this page can be seen in the second image in the linked imgur - Sometimes I get the generic 404 ErrorDocument page (third image), this also fluctuates, sometimes on refresh I get one 404 page, and other times I get the cPanel error page…

I have changed the Nameservers to my hosting account’s nameservers, eliminating Cloudflare from the mixture - and it works, over HTTP. I added Cloudflare again, and left the page rules off, and it works, over HTTP. The moment I enforce HTTPS, I get the “Default Web Site Page” served to me by cPanel.

I have been searching for some time now for an explanation to this issue - and I can’t find one, I might be missing something hiding in plain sight… I’ve tried clearing browser cache, flushing the DNS cache, using different browsers, using different ISPs, the issue persists. I have also made sure (after reading another community support post) that the A Record is pointing to the correct IP address.

It’s a weird issue - and sometimes, sometimes it works - and then you refresh the page and it gives you the cPanel error page again…

I’m completely inexperienced with issues like this, and would be really grateful if somebody could shed any light on this topic… If any more information is required - please ask and I’ll provide it immediately.

Many thanks.

Imgur: https://imgur.com/a/utkFiSJ

Can you post a screenshot of your DNS records, with redacted IP addresses?

Absolutely: https://imgur.com/a/AEUuenp

This hasn’t been changed from when I set up the site using Cloudflare, default entries, unmodified.

Thanks.

For starters, you are leaking your IP address with all the unproxied records :slight_smile: but you might need some of the unproxied (that I cant tell).

Second, you dont need the page rules you set up as you can set that under the SSL/TLS app for the entire site.

Third, particularly because of your remark regarding it working intermittently, I had a random guess that you might have set up more than one A record, because of which requests switched. That is not the case. I guess the IP address of the naked domain ends in 8 as well, right? In that case you’d have a valid certificate too. That last bit often is the reason for the page you are getting displayed.

My guess at this point would be it is something server related and you should check the log files in this case whenever the issue occurs, however I cant say yet for sure that it is server related.

I’ll make sure to look at those unproxied records, thanks for pointing it out. Like I said, I’m fairly inexperienced with this side of computing - so I’m an open book.

I’ve changed the page rules, thanks for letting me know about that. That’ll be much easier.

As for your statement about the multiple records, the cPanel has a zone editor with values entered, so yes - two identical A records. I may be wrong, but is this an issue?

Checking the log files should be interesting. I’m using a very restricted shared hosting. I’ll request SSH. Any idea where I should look?

Thanks again.

Identical shouldnt be an issue and, furthermore, if they are in cPanel they should apply to the DNS records managed by your host, which is currently inactive (due to your domain being managed by Cloudflare).

I’d check the access and error log, however requests showing the screen in question might not even hit your log files as they are being served your server’s default page, which is presumably logged somewhere else, defined by your host.

This error is weird, I’ve had a look at the logs that I can see from cPanel and there’s no sign… I’ll wait for SSH access, but even then - I don’t know where I’m looking…

I noticed that when I curl the domain, sometimes it has a meta tag that seems to be the cause? Randomly, other times it returns the correct HTML. Weird CURL: https://i.imgur.com/NDPSkzS.png

Correct CURL: https://i.imgur.com/IgOiKQ1.png

That meta tag is specifying the redirect.

IMHO you wont find anything in your log files, as these requests hit the default virtual host instead of yours and, hence, are logged in its log files instead of yours. I’d contact the host and have them have a look at that issue.

Could it be any caching on your end? Right now I only get such redirects and, interestingly enough, they come with an X-Cache header. I wouldnt expect that latter in this particular context.

I’ve contacted my hosting provider multiple times and they always insist the issue is nothing to do with them. If you could take a look at this, I’d be grateful: https://i.imgur.com/2zxK87S.png

I have other domains attached to this shared hosting and there are no issues, expect with this one…

I am afraid I am really not sure what they are trying to say. The way it is phrased here does not make much sense.

What is your current SSL mode on Cloudflare on the Crypto page?

1 Like

Now your host should explain this.

$ curl -i --resolve vybex.xyz:443:_._._._ https://vybex.xyz
HTTP/1.1 200 OK
Date: Fri, 31 May 2019 15:41:45 GMT
Last-Modified: Tue, 31 May 2016 23:25:21 GMT
Content-Type: text/html
Vary: Accept-Encoding
X-Varnish: 69355000 95465319
Age: 6
X-Cache: HIT
X-Cache-Hits: 1
Accept-Ranges: bytes
Content-Length: 111
Connection: keep-alive

<html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=/cgi-sys/defaultwebpage.cgi"></head><body></body></html>

$ curl -i --resolve vybex.xyz:443:_._._._ https://vybex.xyz
HTTP/1.1 200 OK
Date: Fri, 31 May 2019 15:41:53 GMT
Last-Modified: Thu, 30 May 2019 21:39:09 GMT
Content-Type: text/html
Vary: Accept-Encoding
X-Varnish: 96338538
Age: 0
X-Cache: MISS
Accept-Ranges: bytes
Transfer-Encoding: chunked
Connection: keep-alive

<h5>Example tag</h5>

Two identical requests, eight seconds apart, directly to your server (_._._._ was your server IP address). The first responding with the meta redirect, the second with the actual content.

I am afraid that issue is on your server and needs to be fixed there.

1 Like

Taking the caching headers into account, maybe really some issue with some cache on their end, but only your host can elaborate on that.

I’m glad I’m not the only one who was confused by their wording.
My SSL mode is set to Full.

Thanks very much for the detailed response, this will be very useful in later communication with the support on the hosting side.

Thanks again. I’m currently awaiting response from their support team - lest they insist it’s Cloudflare’s problem yet again…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.