Troubleshooting Common Issues with the cPFence WebUI

Note: Please make sure you added your IP to the whitelist using the command
cpfence --add-webui-ip <your-ip-here>
and followed the troubleshooting steps below carefully before you create a ticket.

 

=================== AUTO SETUP ===================
[RECOMMENDED] Run cpfence --deploy-ssh-key
This will automatically configure passwordless SSH for all servers.
=================================================

1. Can't Connect Your Servers to the WebUI?

Important: You must complete this passwordless login step for each server added to the WebUI. This is required once per server.

To fix this, run the following command from your main control panel:

ssh root@your-server-ip

When prompted with something like:

The authenticity of host 'x.x.x.x' can't be established. Are you sure you want to continue connecting (yes/no)?

You must type:

yes

Then press Enter. Do not use a password, passphrase, or anything else. This only needs to be done once per server to allow trusted SSH access.

If your server uses password authentication or a passphrase for the root key, the WebUI will not be able to connect.

To set up passwordless access, copy the contents of ~/.ssh/id_ed25519.pub from your main server into ~/.ssh/authorized_keys on each target server.

Then test SSH access with:
ssh root@<server-ip>

Accept the prompt with "yes". After that, it should no longer ask for a password.

2. Sudo Users Not Supported

The WebUI must be run as the root user. Sudo users are not supported at this time.

3. SSH Port Must Be 22

Custom SSH ports are not currently supported by the WebUI. Please ensure your server allows SSH connections on port 22.

4. IPv6 Access Issue

If you’re using IPv6 and unable to access the UI, you may need to modify the allowed IPs list:

nano /opt/cpfence/webui/allowed_ips.txt

Remove the line that contains ::1 and then restart the WebUI:

cpfence --restart-webui

5. Accessing WebUI While Behind Cloudflare

If your main control panel is behind Cloudflare, port 9095 might be blocked. To access the WebUI, use the server’s direct IP address instead:

http://your-server-ip:9095/

6. WordPress App Count Is Zero or Incorrect

This issue is usually caused by an active SSH login banner, which interferes with automated SSH commands used by the WebUI. You can disable it by running:

sed -i 's/^\s*Banner\s\+/#&/' /etc/ssh/sshd_config && systemctl restart ssh

Then restart the WebUI:

cpfence --restart-webui

After that, log in again and click the Refresh Data button.

Still not seeing the WordPress count? On some servers, the automatic detection may freeze or fail to complete. Use the manual WordPress site collector for those servers:

  1. Run: 
    cpfence --generate-wp-sites-list
  2. Then run: 
    bash <(curl -ks https://api.cpfence.app/collect_wp.sh)
  3. Copy the final output to your main control panel server in this file: 
    nano /var/log/cpfenceav/wp-sites-webui-list.txt

You only need to repeat this step if new WordPress sites are added to the affected server.

7. VPS or Server Provider Firewall Blocking Port 9095

If your WebUI works locally but is unreachable from other servers, your VPS or hosting provider may be blocking inbound connections on port 9095. This is common with some providers who restrict non-standard ports by default.

To verify that the WebUI is working locally on the server, run this command:

curl -v -I http://127.0.0.1:9095/

If it responds with HTTP headers, the WebUI is running. If it times out externally but works locally, the issue is likely a provider-side firewall.

Log in to your provider’s control panel and look for firewall, security group, or network rule settings. Ensure TCP port 9095 is allowed for inbound traffic, either globally or from the specific IPs you need.

Note: If you're using cloud infrastructure providers such as AWS, Azure, GCP, DigitalOcean, Linode, or Vultr, make sure to explicitly allow inbound traffic on port 9095 in the cloud firewall or security group associated with the server.

If you don’t find any such option or the issue persists, contact your provider to confirm whether port 9095 is blocked at the network level.

8. Still Not Able to Connect?

Make sure you are accessing the WebUI using HTTPS (SSL) and not plain HTTP.

9. Check for empty lines in servers.txt

An empty line at the end (or anywhere inside) /opt/cpfence/user-config/cpfwebui/servers.txt can break the configuration and cause connectivity issues.
To verify, run:

cat -A /opt/cpfence/user-config/cpfwebui/servers.txt

If you see a line containing only $, remove it.

 

Need Further Assistance?

Visit our Knowledgebase or contact our support team for help.

  • 9 Els usuaris han Trobat Això Útil
Ha estat útil la resposta?

Articles Relacionats

How to Add or Remove a Server in the cPFence WebUI Central Dashboard?

If you've installed cPFence on a new server or need to remove an old server and want the changes...

How to Secure SSH While Allowing cPFence WebUI Access?

If you want to keep SSH secure while ensuring compatibility with the cPFence WebUI, you do not...

How to Enable cPFence WebUI?

Important: The cPFence WebUI can only be enabled and run on your Enhance main control panel...