Can't Issue SSL

HI, In the current version of cyberpanel (with support for PHP 7.3) I can not use Issue SSL from CLI:

cyberpanel issueSSL --domainName cyberpanel.net

Issue SSL from webgui also does not work:

Cannot issue SSL. Error message: 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]

I did not find any changes to the file httpd_config.conf; There is no declaration about the listener SSL {}, something like this:

listener SSL { map fb.vn fb.vn address 0.0.0.0:443 secure 1 keyFile /usr/local/lsws/admin/conf/webadmin.key certFile /usr/local/lsws/admin/conf/webadmin.crt }

With Cyberpanle old version, only have "PHP 5.3 -> 7.2", everything still works fine.

Tagged:
Tagged:

Comments

  • IN /serverstatus/cyberCPMainLogFile:

    [08-57-26-Thu-Dec-2018] Failed to obtain SSL, issuing self-signed SSL for: locloc.club [08-58-52-Thu-Dec-2018] Trying to obtain SSL for: locloc.club and: www.locloc.com [08-59-08-Thu-Dec-2018] Failed to obtain SSL for: locloc.club and: www.locloc.com [08-59-08-Thu-Dec-2018] Trying to obtain SSL for: locloc.com [08-59-17-Thu-Dec-2018] Failed to obtain SSL, issuing self-signed SSL for: locloc.com
  • Can you provide more information using the Second Way here https://cyberpanel.net/docs/troubleshooting-cyberpanel/ ?
  • Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] locloc.com:Verify error:Invalid response from http://locloc.com/.well-known/acme-challenge/rgvqFe_ZGEgAcjFJNchQO4C0oIJKZ8VslFDZxIDONTU: Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] Please add '--debug' or '--log' to check more details. Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] locloc.com:Verify error:Invalid response from http://locloc.com/.well-known/acme-challenge/Pfm95pSj7gxwBcjfiG3yMpKq6HVK8QwCt-QEH29fw2w: Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] Please add '--debug' or '--log' to check more details. Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
  • Verification file is not reachable, probably:

    1. DNS.
    2. Some rewrite rule is conflicting
  • Please do not care about getting ssl from Let's encrypt, I do not care about certificates, I need Cyberpanel can add an HTTPS website, i mean self certificate ssl can not be added to OpenLiteSpeed config file httpd_config.conf

    Centos 7

    The problem is in the command:

    cyberpanel issueSSL --domainName locloc.com

    It can not add HTTPS webs to Cyberpanel and Openlitespeed
  • Oh, we canceled issuing self-signed SSL, is this what you want?
  • Oh, we canceled issuing self-signed SSL, is this what you want?

    OMG, yes that's what I want. Why disable self-signed SSL, I feel it is very useful for sites that can not get a certificate from Let's Encrypt.
    Besides, many websites use SSL from the cloudflare proxy and they just need a self-signed SSL in the backend Openlitespeed for thier site.
  • The issue was people trying to get SSL and when Let's Encrypt failed we used to issue self-signed SSL and function return successfully, even though in the log it says failed to obtain SSL but most of the users were not comfortable as they assume SSL was success and when they load the site they get SSL error.

    We can try to think of more good work around.
  • So, Will the self-signed SSL function come back?
    For the problem you mentioned, you can create an additional function to automatically check the SSL certificate of the domain and when you discover an invalid certificate you can request again certificate from "Let's encrypt" cycle.
  • Or you can create a new command line with the function auto create a self-signed certificate, then add them to HTTPS of the specified domain. Or a certain command has the ability to create HTTPS web from the specified ssl certificate file (maybe they have purchased their own ssl certificate from Comodo, GoDaddy, Cloudflare ...)
  • cyberpanel issueSSL --domainName abc.com --privatekey /home/abc.com.key --publickey /home/abc.com.crt
  • If you want I can add a cli function to only issue self-signed ssl?
  • Thanks, I really need that function
  • Will be added soon, will update you.
  • Pushed hotfix, the command is like
    cyberpanel issueSelfSignedSSL --domainName cyberpanel.net
Sign In or Register to comment.
Support CyberPanel CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!