Webmail on subdomain with Let's Encrypt SSL

Trickster

Verified User
Joined
May 28, 2014
Messages
14
With the function Setting up webmail.domain.com as default for new domains. it is possible to create a subdomain for direct access to the webmail.
But there is no SSL on this domain, and with Let's encrypt there is no excuse to not encrypt your webmail.

Please run this tutorial first if you haven't it already done

1. Add the webmail subdomain to the let's encrypt selection list:

Add the following item to the /usr/local/directadmin/conf/directadmin.conf
Code:
letsencrypt_list=www:mail:ftp:pop:smtp:webmail

If you want to apply it by default, add the following line to the directadmin.conf to:
Code:
letsencrypt_list_selected=www:webmail

If the Lines doensn't exists you need to add this lines otherwise add the blue text

2. Setup a Virtual Host for HTTPS for the webmail

Code:
cd /usr/local/directadmin/data/templates
cp virtual_host2_secure.conf custom
cd custom

Open the file and append to the bottom of the file:
Code:
...
...

</VirtualHost>
<VirtualHost |IP|:|PORT_443| |MULTI_IP|>

     SSLEngine on
     SSLCertificateFile |CERT|
     SSLCertificateKeyFile |KEY|
     |CAROOT|

     ServerName webmail.|DOMAIN|
     ServerAdmin |ADMIN|
     DocumentRoot /var/www/html/roundcube
     CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
     CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
     ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

</VirtualHost>
This is for Apache to listen on webmail subdomain at port 443

3. Rewrite the httpd.conf files.
Code:
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d

If you create now a SSL certificate for a domain, you can select ( or it is autoselected with the option above ) the webmail subdomain.

Thats all !


Extra option:
If you want to Redirect all HTTP traffic to HTTPS for the webmail subdomain change the folowing line:
Caution: If the Domain hasn't the correct SSL certificate it will give a SSL warning

Open /usr/local/directadmin/data/templates/custom/virtual_host2.conf
Scroll to the bottom and remove the Red text and add the Blue text:

Code:
<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
  ServerName webmail.|DOMAIN|
  ServerAdmin |ADMIN|
  DocumentRoot /var/www/html/roundcube
  CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
  CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
  ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
  Redirect 301 / https://webmail.|DOMAIN|
</VirtualHost>


I hope this will help some people out, Lets encrypt the world !
 
  • Like
Reactions: Kal
If you create now a SSL certificate for a domain, you can select ( or it is autoselected with the option above ) the webmail subdomain.


Thanks for great tutorial, but with these settings you still won't be able to create cert.:

Code:
Getting challenge for domain.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for domain.com from acme-server...
Error: http://webmail.domain.com/.well-known/acme-challenge/letsencrypt_1504862212 is not reachable. Aborting the script.
 
Thanks for great tutorial.
Just please note that if you set redirect as you mention:

Extra option:
If you want to Redirect all HTTP traffic to HTTPS for the webmail subdomain change the folowing line:
Caution: If the Domain hasn't the correct SSL certificate it will give a SSL warning

DA won't be able to setup certificate for webmail.domain.com
 
-

That one should work:

Code:
<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
  ServerName webmail.|DOMAIN|
  ServerAdmin |ADMIN|
  RedirectMatch 301 ^/((?!.well-known).*)$ http://webmail.|DOMAIN|/$1
  DocumentRoot /var/www/html/roundcube
  CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
  CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
  ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
</VirtualHost>
 
Hi, in my server actually, using apache+nginx reverse provy i've added to my /usr/local/directadmin/data/templates/custom these files, modded as wrote here https://help.directadmin.com/item.php?id=633:
custom nginx_server.conf
virtual_host2.conf
webmail.domain.xx work correctly with http.

but, for https, ssl isn't recognized, here it is mine custom for nginx_server_secure.conf:

Code:
|CUSTOM1|
|?DOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?REALDOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/var/tmp:/usr/local/lib/php/|
server
{
|CUSTOM|

	listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
	|MULTI_IP|

	server_name |DOMAIN| www.|DOMAIN| |SERVER_ALIASES|;

	access_log /var/log/nginx/domains/|DOMAIN|.log;
	access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
	error_log /var/log/nginx/domains/|DOMAIN|.error.log;

	root |DOCROOT|;

	index index.php index.html index.htm;

	ssl_certificate |CERT|;
	ssl_certificate_key |KEY|;

	|FORCE_SSL_REDIRECT|

	|NGINX_PHP_CONF|
	
|*if HAVE_NGINX_PROXY="1"|
	location /
	{
|CUSTOM2|
|LOCATION_INSERT|
		# access_log off;
		proxy_buffering |PROXY_BUFFERING|;
		proxy_pass https://|PROXY_IP|:|PORT_8081|;
		proxy_set_header X-Client-IP      $remote_addr;
		proxy_set_header X-Accel-Internal /nginx_static_files;
		proxy_set_header Host             $host;
		proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
		proxy_hide_header Upgrade;
	}
	location /nginx_static_files/
	{
		# access_log  /var/log/nginx/access_log_proxy;
		alias       |DOCROOT|/;
		internal;
	}
|*else|
|NGINX_REDIRECTS|
|PROTECTED_DIRECTORIES|
|EXTRA_LOCATIONS|
|*endif|

|CUSTOM3|

	include /etc/nginx/webapps.ssl.conf;
	
|CUSTOM4|
}

server
{
       listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
       |MULTI_IP|

       server_name webmail.|DOMAIN|;

       root /var/www/html/roundcube;
       index index.php index.html index.htm;
       access_log /var/log/nginx/domains/|DOMAIN|.log;
       access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
       error_log /var/log/nginx/domains/|DOMAIN|.error.log;

|*if HAVE_PHP1_FPM="1"|
       # use fastcgi for all php files
       location ~ \.php$
       {
               try_files $uri =404;
               fastcgi_split_path_info ^(.+\.php)(/.+)$;
               include /etc/nginx/fastcgi_params;
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               include /etc/nginx/nginx_limits.conf;

               if (-f $request_filename)
               {
                       fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/webapps.sock;
               }
       }
|*endif|

|*if HAVE_NGINX_PROXY="1"|
       location /
       {
               # access_log off;
               proxy_pass https://127.0.0.1:|PORT_8080|;
               proxy_set_header X-Client-IP      $remote_addr;
               proxy_set_header X-Accel-Internal /nginx_static_files;
               proxy_set_header Host             $host;
               proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
       }
       location /nginx_static_files/
       {
               # access_log  /var/log/nginx/access_log_proxy;
               alias       /var/www/html/roundcube/;
               internal;
       }
|*endif|

       # deny access to apache .htaccess files
       location ~ /\.ht
       {
               deny all;
       }
}

this one for custom virtual_host_secure.conf:

Code:
|CUSTOM1|
|?CGI=ScriptAlias /cgi-bin/ `HOME`/domains/`DOMAIN`/public_html/cgi-bin/|
|?DOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?REALDOCROOT=`HOME`/domains/`DOMAIN`/private_html|

|?OBDP1=|
|*if PHP1_RELEASE!="0"|
|?OBDP1=:/usr/local/php`PHP1_RELEASE`/lib/php/|
|*endif|
|?OBDP2=|
|*if PHP2_RELEASE!="0"|
|?OBDP2=:/usr/local/php`PHP2_RELEASE`/lib/php/|
|*endif|

|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/var/tmp:/usr/local/lib/php/`OBDP1``OBDP2`|

|?FASTCGI_OPENBASEDIR=|
|*if OPEN_BASEDIR_ENABLED="ON"|
|?FASTCGI_OPENBASEDIR=-d open_basedir="`OPEN_BASEDIR_PATH`"|
|*endif|

|?PHP_MAIL_LOG=|
|?CLI_PHP_MAIL_LOG=|
|*if PHP_MAIL_LOG_ENABLED="1"|
|?PHP_MAIL_LOG=-d mail.log="`HOME`/.php/php-mail.log"|
|?CLI_PHP_MAIL_LOG=php_admin_value mail.log `HOME`/.php/php-mail.log|
|*endif|

|?PHP_EMAIL=`USER`@`DOMAIN`|
|?FASTCGI_SENDMAIL_FROM=-d sendmail_from="`PHP_EMAIL`"|

|?ALLOW_OVERRIDE=AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None|
|?COMBINED_LOG=combined|

<VirtualHost |IP|:|PORT_443| |MULTI_IP|>
|CUSTOM|
	SSLEngine on
	SSLCertificateFile |CERT|
	SSLCertificateKeyFile |KEY|
	|CAROOT|

	ServerName www.|DOMAIN|
	ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
	ServerAdmin |ADMIN|
	DocumentRoot |DOCROOT|
	|CGI|

	|USECANONICALNAME|

	|FORCE_SSL_REDIRECT|

	<IfModule !mod_ruid2.c>
		SuexecUserGroup |USER| |GROUP|
	</IfModule>
	|*if HAVE_RUID2="1"|
	<IfModule mod_ruid2.c>
		RMode config
		RUidGid |USER| |GROUP|
		#RGroups apache |SECURE_ACCESS_GROUP|
		RGroups @none
	</IfModule>
	|*endif|
	|*if RUID2_AND_MOD_SECURITY="1"|
	<IfModule mod_security2.c>
		SecAuditLogStorageDir |MODSEC_AUDIT_DIR|/|USER|
	</IfModule>
	|*endif|

	CustomLog |APACHELOGDIR|/|DOMAIN|.bytes bytes
	CustomLog |APACHELOGDIR|/|DOMAIN|.log |COMBINED_LOG|
	ErrorLog |APACHELOGDIR|/|DOMAIN|.error.log

	|*if SUSPENDED_REASON|
	<IfModule mod_env.c>
		SetEnv reason |SUSPENDED_REASON|
	</IfModule>
	|*endif|

|*if HAVE_PHP1_FPM_OLD="1"|
	#Make sure you're running Apache 2.4.10 or newer.
|*endif|

|*if HAVE_PHP2_FPM_OLD="1"|
	#Make sure you're running Apache 2.4.10 or newer.
|*endif|
|CUSTOM2|
	<Directory |DOCROOT|>
|CUSTOM3|
|*if CGI=""|
		|ALLOW_OVERRIDE|
		Options -ExecCGI -Includes +IncludesNOEXEC
|*endif|
|*if HAVE_PHP1_FPM="1"|
		<FilesMatch "\.(inc|php|phtml|phps|php|PHP1_RELEASE|)$">
			<If "-f %{REQUEST_FILENAME}">
				#ProxyErrorOverride on
				AddHandler "proxy:unix:/usr/local/php|PHP1_RELEASE|/sockets/|USER|.sock|fcgi://localhost" .inc .php .phtml .php|PHP1_RELEASE|
			</If>
		</FilesMatch> 
|*endif|
|*if HAVE_PHP2_FPM="1"|
		<FilesMatch "\.(inc|php|phtml|phps|php|PHP2_RELEASE|)$">
			<If "-f %{REQUEST_FILENAME}">
				#ProxyErrorOverride on
				AddHandler "proxy:unix:/usr/local/php|PHP2_RELEASE|/sockets/|USER|.sock|fcgi://localhost" .php|PHP2_RELEASE|
			</If>
		</FilesMatch>
|*endif|


|*if HAVE_PHP1_FCGI="1"|
		<IfModule mod_fcgid.c>
			FCGIWrapper '/usr/local/safe-bin/fcgid|PHP1_RELEASE|.sh /usr/local/directadmin/data/users/|USER|/php/|DOMAIN|.ini |FASTCGI_SENDMAIL_FROM| |FASTCGI_OPENBASEDIR| |PHP_MAIL_LOG|' .php
			<FilesMatch "\.php$">
				SetHandler fcgid-script
				Options +ExecCGI
			</FilesMatch>
		</IfModule>
|*endif|
|*if HAVE_PHP2_FCGI="1"|
		<IfModule mod_fcgid.c>
			FCGIWrapper '/usr/local/safe-bin/fcgid|PHP2_RELEASE|.sh /usr/local/directadmin/data/users/|USER|/php/|DOMAIN|.ini |FASTCGI_SENDMAIL_FROM| |FASTCGI_OPENBASEDIR| |PHP_MAIL_LOG|' .php|PHP2_RELEASE|
			<FilesMatch "\.php|PHP2_RELEASE|$">
				SetHandler fcgid-script
				Options +ExecCGI
			</FilesMatch>
		</IfModule>
|*endif|
|*if HAVE_SAFE_MODE="1"|
		php_admin_flag safe_mode |SAFE_MODE|
|*endif|
|*if CLI="1"|
		php_admin_flag engine |PHP|
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |PHP_EMAIL|'
		|CLI_PHP_MAIL_LOG|
|*endif|
|*if OPEN_BASEDIR="ON"|
		php_admin_value open_basedir |OPEN_BASEDIR_PATH|
|*endif|
|*if HAVE_PHP1_CLI="1"|
		<FilesMatch "\.php$">
			AddHandler application/x-httpd-php|LSPHP1_RELEASE| .php
		</FilesMatch>
|*endif|
|*if HAVE_PHP2_CLI="1"|
		<FilesMatch "\.php|PHP2_RELEASE|$">
			AddHandler application/x-httpd-php|LSPHP2_RELEASE| .php|PHP2_RELEASE|
		</FilesMatch>
|*endif|
|*if SUPHP="1"|
		suPHP_Engine |PHP|
		suPHP_UserGroup |USER| |GROUP|
|*endif|
|*if HAVE_PHP1_SUPHP="1"|
		<FilesMatch "\.php$">
			AddHandler x-httpd-php|PHP1_RELEASE| .php
		</FilesMatch>
|*endif|
|*if HAVE_PHP2_SUPHP="1"|
		<FilesMatch \.php|PHP2_RELEASE|$>
			AddHandler x-httpd-php|PHP2_RELEASE| .php|PHP2_RELEASE|
		</FilesMatch>
|*endif|
	</Directory>

|*if USE_HOSTNAME_FOR_ALIAS="1"|
      RewriteEngine on
      RewriteOptions inherit
|*endif|

|HANDLERS|
|MIMETYPES|
|CUSTOM4|
</VirtualHost>

<VirtualHost |IP|:|PORT_443| |MULTI_IP|>
|CUSTOM|
	SSLEngine on
	SSLCertificateFile |CERT|
	SSLCertificateKeyFile |KEY|
	|CAROOT|

  ServerName webmail.|DOMAIN|
  ServerAdmin |ADMIN|
  DocumentRoot /var/www/html/roundcube
  CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
  CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
  ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
</VirtualHost>

Any suggestions?
Thanks
 
Last edited:
Do you all like http://webmail.domain.com so much better? Why?

We always use http://domain.com/webmail (which is default) and it's so much easier. Only create SSL for the server hostname and for the domain. Set de automatic redirect to SSL for the domain and ready. cPanel uses it the same way.

Ofcourse it's a choice but I don't understand why to make live so difficult while it's just as easy to remember for customers.
 
Richard G,
Yes. Not sure it's so much better. I think it more common over here. We have the Burger King generation to deal with too.. They want it there way. :cool: http://l7.alamy.com/zooms/29809a79e...mission-statement-have-it-your-way-anr9gb.jpg

Anyway

Go to google and type webmail and hit search.

https://duckduckgo.com/?q=webmail&atb=v152-6__&ia=web

For me the reason is a few things.
It's easy to remember.

Its common. Large companies all use subdomain for webmail.
https://webmail.earthlink.net
https://webmail.cox.net
https://webmail.spectrum.net
https://mail.yahoo.com
https://webmail.juno.com
https://mail.ionos.com
https://email.godaddy.com
https://outlook.live.com

It's more beautiful (corny right)

Like you said it's a choice.
 
Hi, in the meantime i've solved, here it is custom files for https under webmail.domain.xx

nginx_server_secure.conf
Code:
|CUSTOM1|
|?DOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?REALDOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/var/tmp:/usr/local/lib/php/|
server
{
|CUSTOM|

	listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
	|MULTI_IP|

	server_name |DOMAIN| www.|DOMAIN| |SERVER_ALIASES|;

	access_log /var/log/nginx/domains/|DOMAIN|.log;
	access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
	error_log /var/log/nginx/domains/|DOMAIN|.error.log;

	root |DOCROOT|;

	index index.php index.html index.htm;

	ssl_certificate |CERT|;
	ssl_certificate_key |KEY|;

	|FORCE_SSL_REDIRECT|

	|NGINX_PHP_CONF|
	
|*if HAVE_NGINX_PROXY="1"|
	location /
	{
|CUSTOM2|
|LOCATION_INSERT|
		# access_log off;
		proxy_buffering |PROXY_BUFFERING|;
		proxy_pass https://|PROXY_IP|:|PORT_8081|;
		proxy_set_header X-Client-IP      $remote_addr;
		proxy_set_header X-Accel-Internal /nginx_static_files;
		proxy_set_header Host             $host;
		proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
		proxy_hide_header Upgrade;
	}
	location /nginx_static_files/
	{
		# access_log  /var/log/nginx/access_log_proxy;
		alias       |DOCROOT|/;
		internal;
	}
|*else|
|NGINX_REDIRECTS|
|PROTECTED_DIRECTORIES|
|EXTRA_LOCATIONS|
|*endif|

|CUSTOM3|

	include /etc/nginx/webapps.ssl.conf;
	
|CUSTOM4|
}

server
{
       listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
       |MULTI_IP|

       server_name webmail.|DOMAIN|;

       root /var/www/html/roundcube;
       index index.php index.html index.htm;
       access_log /var/log/nginx/domains/|DOMAIN|.log;
       access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
       error_log /var/log/nginx/domains/|DOMAIN|.error.log;
       
       ssl_certificate |CERT|;
	   ssl_certificate_key |KEY|;

|*if HAVE_PHP1_FPM="1"|
       # use fastcgi for all php files
       location ~ \.php$
       {
               try_files $uri =404;
               fastcgi_split_path_info ^(.+\.php)(/.+)$;
               include /etc/nginx/fastcgi_params;
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               include /etc/nginx/nginx_limits.conf;

               if (-f $request_filename)
               {
                       fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/webapps.sock;
               }
       }
|*endif|

|*if HAVE_NGINX_PROXY="1"|
       location /
       {
               # access_log off;
               proxy_pass https://|PROXY_IP|:|PORT_8081|;
               proxy_set_header X-Client-IP      $remote_addr;
               proxy_set_header X-Accel-Internal /nginx_static_files;
               proxy_set_header Host             $host;
               proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
       }
       location /nginx_static_files/
       {
               # access_log  /var/log/nginx/access_log_proxy;
               alias       /var/www/html/roundcube/;
               internal;
       }
|*endif|

       # deny access to apache .htaccess files
       location ~ /\.ht
       {
               deny all;
       }
}

virtual_host2_secure.conf
Code:
|CUSTOM1|
|?CGI=ScriptAlias /cgi-bin/ `HOME`/domains/`DOMAIN`/public_html/cgi-bin/|
|?DOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?REALDOCROOT=`HOME`/domains/`DOMAIN`/private_html|

|?OBDP1=|
|*if PHP1_RELEASE!="0"|
|?OBDP1=:/usr/local/php`PHP1_RELEASE`/lib/php/|
|*endif|
|?OBDP2=|
|*if PHP2_RELEASE!="0"|
|?OBDP2=:/usr/local/php`PHP2_RELEASE`/lib/php/|
|*endif|

|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/var/tmp:/usr/local/lib/php/`OBDP1``OBDP2`|

|?FASTCGI_OPENBASEDIR=|
|*if OPEN_BASEDIR_ENABLED="ON"|
|?FASTCGI_OPENBASEDIR=-d open_basedir="`OPEN_BASEDIR_PATH`"|
|*endif|

|?PHP_MAIL_LOG=|
|?CLI_PHP_MAIL_LOG=|
|*if PHP_MAIL_LOG_ENABLED="1"|
|?PHP_MAIL_LOG=-d mail.log="`HOME`/.php/php-mail.log"|
|?CLI_PHP_MAIL_LOG=php_admin_value mail.log `HOME`/.php/php-mail.log|
|*endif|

|?PHP_EMAIL=`USER`@`DOMAIN`|
|?FASTCGI_SENDMAIL_FROM=-d sendmail_from="`PHP_EMAIL`"|

|?ALLOW_OVERRIDE=AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None|
|?COMBINED_LOG=combined|

<VirtualHost |IP|:|PORT_443| |MULTI_IP|>
|CUSTOM|
	SSLEngine on
	SSLCertificateFile |CERT|
	SSLCertificateKeyFile |KEY|
	|CAROOT|

	ServerName www.|DOMAIN|
	ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
	ServerAdmin |ADMIN|
	DocumentRoot |DOCROOT|
	|CGI|

	|USECANONICALNAME|

	|FORCE_SSL_REDIRECT|

	<IfModule !mod_ruid2.c>
		SuexecUserGroup |USER| |GROUP|
	</IfModule>
	|*if HAVE_RUID2="1"|
	<IfModule mod_ruid2.c>
		RMode config
		RUidGid |USER| |GROUP|
		#RGroups apache |SECURE_ACCESS_GROUP|
		RGroups @none
	</IfModule>
	|*endif|
	|*if RUID2_AND_MOD_SECURITY="1"|
	<IfModule mod_security2.c>
		SecAuditLogStorageDir |MODSEC_AUDIT_DIR|/|USER|
	</IfModule>
	|*endif|

	CustomLog |APACHELOGDIR|/|DOMAIN|.bytes bytes
	CustomLog |APACHELOGDIR|/|DOMAIN|.log |COMBINED_LOG|
	ErrorLog |APACHELOGDIR|/|DOMAIN|.error.log

	|*if SUSPENDED_REASON|
	<IfModule mod_env.c>
		SetEnv reason |SUSPENDED_REASON|
	</IfModule>
	|*endif|

|*if HAVE_PHP1_FPM_OLD="1"|
	#Make sure you're running Apache 2.4.10 or newer.
|*endif|

|*if HAVE_PHP2_FPM_OLD="1"|
	#Make sure you're running Apache 2.4.10 or newer.
|*endif|
|CUSTOM2|
	<Directory |DOCROOT|>
|CUSTOM3|
|*if CGI=""|
		|ALLOW_OVERRIDE|
		Options -ExecCGI -Includes +IncludesNOEXEC
|*endif|
|*if HAVE_PHP1_FPM="1"|
		<FilesMatch "\.(inc|php|phtml|phps|php|PHP1_RELEASE|)$">
			<If "-f %{REQUEST_FILENAME}">
				#ProxyErrorOverride on
				AddHandler "proxy:unix:/usr/local/php|PHP1_RELEASE|/sockets/|USER|.sock|fcgi://localhost" .inc .php .phtml .php|PHP1_RELEASE|
			</If>
		</FilesMatch> 
|*endif|
|*if HAVE_PHP2_FPM="1"|
		<FilesMatch "\.(inc|php|phtml|phps|php|PHP2_RELEASE|)$">
			<If "-f %{REQUEST_FILENAME}">
				#ProxyErrorOverride on
				AddHandler "proxy:unix:/usr/local/php|PHP2_RELEASE|/sockets/|USER|.sock|fcgi://localhost" .php|PHP2_RELEASE|
			</If>
		</FilesMatch>
|*endif|


|*if HAVE_PHP1_FCGI="1"|
		<IfModule mod_fcgid.c>
			FCGIWrapper '/usr/local/safe-bin/fcgid|PHP1_RELEASE|.sh /usr/local/directadmin/data/users/|USER|/php/|DOMAIN|.ini |FASTCGI_SENDMAIL_FROM| |FASTCGI_OPENBASEDIR| |PHP_MAIL_LOG|' .php
			<FilesMatch "\.php$">
				SetHandler fcgid-script
				Options +ExecCGI
			</FilesMatch>
		</IfModule>
|*endif|
|*if HAVE_PHP2_FCGI="1"|
		<IfModule mod_fcgid.c>
			FCGIWrapper '/usr/local/safe-bin/fcgid|PHP2_RELEASE|.sh /usr/local/directadmin/data/users/|USER|/php/|DOMAIN|.ini |FASTCGI_SENDMAIL_FROM| |FASTCGI_OPENBASEDIR| |PHP_MAIL_LOG|' .php|PHP2_RELEASE|
			<FilesMatch "\.php|PHP2_RELEASE|$">
				SetHandler fcgid-script
				Options +ExecCGI
			</FilesMatch>
		</IfModule>
|*endif|
|*if HAVE_SAFE_MODE="1"|
		php_admin_flag safe_mode |SAFE_MODE|
|*endif|
|*if CLI="1"|
		php_admin_flag engine |PHP|
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |PHP_EMAIL|'
		|CLI_PHP_MAIL_LOG|
|*endif|
|*if OPEN_BASEDIR="ON"|
		php_admin_value open_basedir |OPEN_BASEDIR_PATH|
|*endif|
|*if HAVE_PHP1_CLI="1"|
		<FilesMatch "\.php$">
			AddHandler application/x-httpd-php|LSPHP1_RELEASE| .php
		</FilesMatch>
|*endif|
|*if HAVE_PHP2_CLI="1"|
		<FilesMatch "\.php|PHP2_RELEASE|$">
			AddHandler application/x-httpd-php|LSPHP2_RELEASE| .php|PHP2_RELEASE|
		</FilesMatch>
|*endif|
|*if SUPHP="1"|
		suPHP_Engine |PHP|
		suPHP_UserGroup |USER| |GROUP|
|*endif|
|*if HAVE_PHP1_SUPHP="1"|
		<FilesMatch "\.php$">
			AddHandler x-httpd-php|PHP1_RELEASE| .php
		</FilesMatch>
|*endif|
|*if HAVE_PHP2_SUPHP="1"|
		<FilesMatch \.php|PHP2_RELEASE|$>
			AddHandler x-httpd-php|PHP2_RELEASE| .php|PHP2_RELEASE|
		</FilesMatch>
|*endif|
	</Directory>

|*if USE_HOSTNAME_FOR_ALIAS="1"|
      RewriteEngine on
      RewriteOptions inherit
|*endif|

|HANDLERS|
|MIMETYPES|
|CUSTOM4|
</VirtualHost>

<VirtualHost |IP|:|PORT_443| |MULTI_IP|>
|CUSTOM|
	SSLEngine on
	SSLCertificateFile |CERT|
	SSLCertificateKeyFile |KEY|
	|CAROOT|
    
   ServerName webmail.|DOMAIN|
   ServerAdmin |ADMIN|
   DocumentRoot /var/www/html/roundcube
   CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
   CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
   ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log 
</VirtualHost>
 
Its common. Large companies all use subdomain for webmail.
It looks common but it's also what is provided. And you can not use mail like yahoo and outlook as an example, because just like gmail they started as webmail, not a fair comparison.
There are enough using /webmail and if you mention godaddy, I will mention OVH with https://www.ovh.nl/mail/ so it's not that big a difference.

Imho it's not what they want, it's what you provide them with. I'm administering 2 cPanel servers and 3 DA servers for 11 years now and we did not have 1 request the change it to /webmail.
From a customers point of view, it's the same if you punt webmail before or behind the name, it's just as easy to remember, so that's also a non argument.
And "they do it so we should" is also no argument.
Hence I don't see any good argument for using it. It's just the hosters choice imho. Looks to me you think its looking better.
Even better, in CPanel it also defaults to domain.com/webmail so....

But then again, its -your- choice (not the customers). So if you all want it to do it the difficult way (yes it is more difficult, have to adjust templates), it's your ballgame.

I did not want to start a discussion, I just wanted to point out that making ssl on domain.com/webmail is a faster and easier. And you can't deny that. No template adjustments needed.
 

Yup you say LARGE company's in Germany Government to.

But that are mostly then separate MAILSERVERs / clusters and not the same DA box handling Websites and co.

For having different MAchine's / Servers / locations / service company's or departments handling mail totally separate from the other things it is common use.

But only then sofar here in NL and Germany ;)

Also it is a kind of odd / stange way to have 1 real named mailserver/mailhost, and then pretending there are a lot of mailservers for every domainname itself on this to. ( Branding very very cheap way to do such, if Custommers want such they can have a separate VPS for themselves and their domain brings more money to )

But i'm old hihi ;)
 
Last edited:
Richard G,
I am not arguing. I am dialoging with you.
Do you all like http://webmail.domain.com so much better? Why?

I am answering "your" questions from my perspective. It is all just talking. It like me saying Led Zeppelin is the greatest band of all time. You saying no its Rush. or You like Blondes and I like Brunettes.

Honestly the variables don't matter.. You asked for my reasons why and I gave them. Just 2 guys talking...
 
bdacus01 said:
You asked for my reasons why and I gave them. Just 2 guys talking...
Oke I thought you were discussing and giving arguments why it should be used because just before I've read the feature request, but you're correct, you answered me. ;)
By the way..... I'm old too. :p
 
Oke I thought you were discussing and giving arguments why it should be used because just before I've read the feature request, but you're correct, you answered me. ;)
By the way..... I'm old too. :p

You all showed me the light

I have amended the post. I hope that is better..
 
The guide based on https://help.directadmin.com/item.php?id=92 worked and wanted subdomain ssl. However following this guide step-by-step, I was unable to get it working.

I'm getting:
"Debug mode. Level 10

dataskq: command: action=rewrite&value=httpd"

No webmail selection available in Let's Encrypt Certificate Entries
 
Back
Top