"Require https for admin panel." in version 1.9.0

[Cardiff-Paul]

My server has recently updated to version 1.9.0 and I now get "Require https for admin panel." at the login page.

Because this is a local development system it doesn't have an SSL (not even a self-signed one), so if I try to use https I get a browser error reporting SSL_ERROR_RX_RECORD_TOO_LONG. I wasn't expecting that to work.

For now I have commented out the relevant line in /usr/local/lsws/admin/html.open/login.php as there is no configuration option check around it, however that will obviously need to be done each time the file gets updated.

Would it be possible to add a configuration option to disable this functionality please? Ideally something that can also be set by manually editing /usr/local/lsws/conf/httpd_config.conf or some other file so it can be done when we can't get in.

Thank you,
Paul

 

[Cold-Egg]

By default, the webadmin listener is set Secure to yes, and it uses a self-signed cert and key e.g. $SERVER_ROOT/admin/conf/webadmin.key. Did you empty the webadmin SSL config or change any default configs?

 

[Cardiff-Paul]

$SERVER_ROOT/admin/conf/webadmin.key and $SERVER_ROOT/admin/conf/webadmin.crt both exist, dated 12th May 2025.

In WebAdmin Settings > Listeners > adminListener > SSL the Private Key File and Certificate File are set to the paths above, Client Verification is set to "none" and everything else is "Not Set"

In Listeners > Default > SSL everything is "Not Set".

Version 1.8.x worked fine with those settings and I haven't changed anything since it updated to version 1.9.0 (other than editing out the check in login.php).

I don't know what the original defaults were but I think I did change things when it was installed to avoid SSL self-sign certificate browser warnings, which was probably on version 1.6.x or 1.7.x. It's on my local network and not accessible remotely so no SSL keeps things simple.