Webmail is “Unable to make a secure connection to the server”

Question

I am configuring a Ubuntu14/NGinX server and almost everything is up and running (phpmyadmin, ispconfig, etc).

I installed Dovecot/Postfix/Squirelmail to establish a mailserver. I followed the 'the-perfect-server-ubuntu-14.04-nginx-bind-mysql-php-postfix-dovecot-and-ispconfig3' manual from HowToForge

I can connect via https to ISPConfig (port 8080) but webmail (port 8081) gives me a SSL Connection error;

Unable to make a secure connection to the server. 
This may be a problem with the server, 
or it may be requiring a client authentication 
certificate that you don't have.


Error code: ERR_SSL_PROTOCOL_ERROR

This is the first time I (tried to) configure a mailserver on Ubuntu/NGinx, I think it almost works but am unable to fix the last steps..

UPDATE:

Below is the apps.vhost from sites-enabled

server {
    listen 8081;

    server_name _;

    root   /var/www/apps;

    client_max_body_size 20M;

    location / {
           index index.php index.html;
    }

    # serve static files directly
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
           access_log        off;
    }

    location ~ \.php$ {
           try_files $uri =404;
           fastcgi_param   QUERY_STRING            $query_string;
           fastcgi_param   REQUEST_METHOD          $request_method;
           fastcgi_param   CONTENT_TYPE            $content_type;
           fastcgi_param   CONTENT_LENGTH          $content_length;

           fastcgi_param   SCRIPT_FILENAME         $request_filename;
           fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
           fastcgi_param   REQUEST_URI             $request_uri;
           fastcgi_param   DOCUMENT_URI            $document_uri;
           fastcgi_param   DOCUMENT_ROOT           $document_root;
           fastcgi_param   SERVER_PROTOCOL         $server_protocol;

           fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
           fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

           fastcgi_param   REMOTE_ADDR             $remote_addr;
           fastcgi_param   REMOTE_PORT             $remote_port;
           fastcgi_param   SERVER_ADDR             $server_addr;
           fastcgi_param   SERVER_PORT             $server_port;
           fastcgi_param   SERVER_NAME             $server_name;

           fastcgi_param   HTTPS                   $https;

           # PHP only, required if PHP was built with --enable-force-cgi-redirect
           fastcgi_param   REDIRECT_STATUS         200;
           fastcgi_pass unix:/var/lib/php5-fpm/apps.sock;
           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           #fastcgi_param PATH_INFO $fastcgi_script_name;
           fastcgi_buffer_size 128k;
           fastcgi_buffers 256 4k;
           fastcgi_busy_buffers_size 256k;
           fastcgi_temp_file_write_size 256k;
    }

    location ~ /\. {
           deny  all;
    }

    location /phpmyadmin {
           root /usr/share/;
           index index.php index.html index.htm;
           location ~ ^/phpmyadmin/(.+\.php)$ {
                   try_files $uri =404;
                   root /usr/share/;
                   fastcgi_param   QUERY_STRING            $query_string;
                   fastcgi_param   REQUEST_METHOD          $request_method;
                   fastcgi_param   CONTENT_TYPE            $content_type;
                   fastcgi_param   CONTENT_LENGTH          $content_length;

                   fastcgi_param   SCRIPT_FILENAME         $request_filename;
                   fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
                   fastcgi_param   REQUEST_URI             $request_uri;
                   fastcgi_param   DOCUMENT_URI            $document_uri;
                   fastcgi_param   DOCUMENT_ROOT           $document_root;
                   fastcgi_param   SERVER_PROTOCOL         $server_protocol;

                   fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
                   fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

                   fastcgi_param   REMOTE_ADDR             $remote_addr;
                   fastcgi_param   REMOTE_PORT             $remote_port;
                   fastcgi_param   SERVER_ADDR             $server_addr;
                   fastcgi_param   SERVER_PORT             $server_port;
                   fastcgi_param   SERVER_NAME             $server_name;

                   fastcgi_param   HTTPS                   $https;

                   # PHP only, required if PHP was built with --enable-force-cgi-redirect
                   fastcgi_param   REDIRECT_STATUS         200;
                   # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used
                   #fastcgi_pass 127.0.0.1:9000;
                   fastcgi_pass unix:/var/run/php5-fpm.sock;
                   fastcgi_index index.php;
                   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                   fastcgi_buffer_size 128k;
                   fastcgi_buffers 256 4k;
                   fastcgi_busy_buffers_size 256k;
                   fastcgi_temp_file_write_size 256k;
                   fastcgi_read_timeout 1200;
           }
           location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                   root /usr/share/;
           }
    }
    location /phpMyAdmin {
           rewrite ^/* /phpmyadmin last;
    }

    location /squirrelmail {
           root /usr/share/;
           index index.php index.html index.htm;
           location ~ ^/squirrelmail/(.+\.php)$ {
                   try_files $uri =404;
                   root /usr/share/;
                   fastcgi_param   QUERY_STRING            $query_string;
                   fastcgi_param   REQUEST_METHOD          $request_method;
                   fastcgi_param   CONTENT_TYPE            $content_type;
                   fastcgi_param   CONTENT_LENGTH          $content_length;

                   fastcgi_param   SCRIPT_FILENAME         $request_filename;
                   fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
                   fastcgi_param   REQUEST_URI             $request_uri;
                   fastcgi_param   DOCUMENT_URI            $document_uri;
                   fastcgi_param   DOCUMENT_ROOT           $document_root;
                   fastcgi_param   SERVER_PROTOCOL         $server_protocol;

                   fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
                   fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

                   fastcgi_param   REMOTE_ADDR             $remote_addr;
                   fastcgi_param   REMOTE_PORT             $remote_port;
                   fastcgi_param   SERVER_ADDR             $server_addr;
                   fastcgi_param   SERVER_PORT             $server_port;
                   fastcgi_param   SERVER_NAME             $server_name;

                   fastcgi_param   HTTPS                   $https;

                   # PHP only, required if PHP was built with --enable-force-cgi-redirect
                   fastcgi_param   REDIRECT_STATUS         200;
                   # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used
                   #fastcgi_pass 127.0.0.1:9000;
                   fastcgi_pass unix:/var/run/php5-fpm.sock;
                   fastcgi_index index.php;
                   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                   fastcgi_buffer_size 128k;
                   fastcgi_buffers 256 4k;
                   fastcgi_busy_buffers_size 256k;
                   fastcgi_temp_file_write_size 256k;
           }
           location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                   root /usr/share/;
           }
    }
    location /webmail {
           rewrite ^/* /squirrelmail last;
    }

    location /cgi-bin/mailman {
           root /usr/lib/;
           fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
           fastcgi_param   QUERY_STRING            $query_string;
           fastcgi_param   REQUEST_METHOD          $request_method;
           fastcgi_param   CONTENT_TYPE            $content_type;
           fastcgi_param   CONTENT_LENGTH          $content_length;

           fastcgi_param   SCRIPT_FILENAME         $request_filename;
           fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
           fastcgi_param   REQUEST_URI             $request_uri;
           fastcgi_param   DOCUMENT_URI            $document_uri;
           fastcgi_param   DOCUMENT_ROOT           $document_root;
           fastcgi_param   SERVER_PROTOCOL         $server_protocol;

           fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
           fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

           fastcgi_param   REMOTE_ADDR             $remote_addr;
           fastcgi_param   REMOTE_PORT             $remote_port;
           fastcgi_param   SERVER_ADDR             $server_addr;
           fastcgi_param   SERVER_PORT             $server_port;
           fastcgi_param   SERVER_NAME             $server_name;

           fastcgi_param   HTTPS                   $https;

           # PHP only, required if PHP was built with --enable-force-cgi-redirect
           fastcgi_param   REDIRECT_STATUS         200;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           fastcgi_param PATH_INFO $fastcgi_path_info;
           fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
           fastcgi_intercept_errors on;
           fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    location /images/mailman {
           alias /usr/share/images/mailman;
    }

    location /pipermail {
           alias /var/lib/mailman/archives/public;
           autoindex on;
    }
}

UPDATE 2:

I cannot comment as I don't have 50 reputation yet and I cannot answer my own question, So for now I have no idea how to handle the comments & responses..

Please post the relevant parts of the Nginx configuration related to port 8081. — jeffatrackaid, Jun 24 '14 at 17:51
I'm no `nginx` expert, but you don't appear to have the 8081 listener configured to use SSL. What makes you think this is an https service? — MadHatter, Jun 25 '14 at 09:21

score 0 · Answer 1 · answered Jun 25 '14 at 15:25

You have not configured that port to be ssl, so your browser is returning an error.

On Nginx, you can enable ssl protocol on a port by adding ssl to the listen line.

server {
        listen 8081 ssl;
...
       }

You can also use ssl on in your configuration but the above method is preferred.

You will also need to fully specify your SSL key and certificate information.

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}

For more details see Configuring HTTPS servers at Nginx.

Webmail is “Unable to make a secure connection to the server”

1 Answers1