Roundcube SOAP Error: Could not connect to host
This article details how to fix the Roundcube SOAP error: “could not connect to host” when integrating with ISPConfig.
Environment: Debian 8 Jessie, ISPConfig3 with Apache. Roundcube plugin installed as per the tutorial featured here on HowToForge.
This error in particular is down to the ISPConfig plugin config file
/opt/roundcube/plugins/ispconfig3_account/config/config.inc.php which in its default state looks something like this:
$rcmail_config[‘identity_limit’] = false;
$rcmail_config[‘remote_soap_user’] = ’roundcube’;
$rcmail_config[‘remote_soap_pass’] = ’roundcube’;
$rcmail_config[‘soap_url’] = ‘http://myserver.example.com:8080/remote/’;
Everything comes down to the last line in this config file – the soap_url parameter; all the steps below need to be carried out for successful
- The SOAP url must start with https not http:
$rcmail_config['soap_url'] = 'https://myserver.example.com:8080/remote/';
- The local machine must be able to resolve the soap_url address hostname:
root@jessie:~# ping myserver.example.com
PING myserver.example.com (192.168.20.50) 56(84) bytes of data.
- The hostname must match the hostname of the SSL certificate of the ISPConfig interface:
- check the hostname of the ISPConfig SSL certificate: openssl x509 -in /usr/local/share/ca-certificates/ispserver.crt -text -noout | grep Subject:
- You should see something like this: Subject: C=GB, ST=Greater London, L=London, O=Empirion, OU=IT, CN=myserver.example.com/emailAddressfirstname.lastname@example.org
- The server’s fully qualified domain name in the “CN” field must match the soap_url in the config line.
If you are still seeing the error despite having followed all the steps, it may be that the ISPConfig certificate is not available to the roundcube plugin. Check out the footnotes at the bootom of this article for details on how to update the certificate share with the ISPConfig certificate and configure Apache’s php.ini.
This should now be working, please leave a comment if you observe different results and we can troubleshoot!
This article describes how to install, create or generate the ISPConfig SSL Certificate which secures the ISPConfig 3 control panel. There are two ways in which this can be done:
- Create a new self-signed OpenSSL Certificate on the command line using OpenSSL or
- Renew the ISPConfig SSL Certificate with the ISPConfig updater
1. Create a new self-signed OpenSSL Certificate on the command line using OpenSSL
- Change the permissions to secure the file:
root@jessie:~# chmod 600 /root/ispconfig_sslcert_backup.tar.gz
- backup the current SSL Certs in case of the need to roll back:
root@jessie:~# tar pcfz /root/ispconfig_sslcert_backup.tar.gz /usr/local/ispconfig/interface/ssl
- login to your server on the shell as root user
- Create a new SSL Certificate Request (csr) , Certificate key and a self-signed Certificate:
root@jessie:~# cd /usr/local/ispconfig/interface/ssl
root@jessie:~# openssl genrsa -des3 -out ispserver.key 4096
root@jessie:~# openssl req -new -key ispserver.key -out ispserver.csr
root@jessie:~# openssl x509 -req -days 3650 -in ispserver.csr -signkey ispserver.key -out ispserver.crt
root@jessie:~# openssl rsa -in ispserver.key -out ispserver.key.insecure
root@jessie:~# mv ispserver.key ispserver.key.secure
root@jessie:~# mv ispserver.key.insecure ispserver.key
- Restart Apache to load the new SSL Certificate.
root@jessie:~# service apache2 restart
2) Renew the ISPConfig SSL Certificate Using the Installer Script
The second way to install a new SSL Certificate is to use the ispconfig_update.sh script:
- download ISPConfig to the /tmp folder, unpack the archive and start the update script:
root@jessie:~# cd /tmp
root@jessie:~# wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
root@jessie:~# tar xvfz ISPConfig-3-stable.tar.gz
root@jessie:~# cd ispconfig3_install/install
root@jessie:~# php -q update.php
- Answer “yes” to the following prompt during the update:
Create new ISPConfig SSL certificate (yes,no) [no]:
and the SSL Certificate creation dialog will start.
Optional: Make the ISPConfig certificate available to other applications which may require it:
If you are going to extend the ISPConfig with other plugins which will require the ISPConfig certificate e.g. roundcube then you should also complete the following steps:
- Copy the new certificate into the Debian SSL repository:
root@jessie:~# cp /usr/local/ispconfig/interface/ssl/ispserver.crt /usr/local/share/ca-certificates/
- Update the ca certificate store:
- Edit the /etc/php5/apache2/php.ini file, locate the [openssl] section and add the following line:
- Restart Apache:
service apache2 restart