HI, In the current version of cyberpanel (with support for PHP 7.3) I can not use Issue SSL from CLI:
cyberpanel issueSSL --domainName cyberpanel.net
Issue SSL from webgui also does not work:
Cannot issue SSL. Error message: 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
I did not find any changes to the file httpd_config.conf; There is no declaration about the listener SSL {}, something like this:
listener SSL {
map fb.vn fb.vn
address 0.0.0.0:443
secure 1
keyFile /usr/local/lsws/admin/conf/webadmin.key
certFile /usr/local/lsws/admin/conf/webadmin.crt
}
With Cyberpanle old version, only have "PHP 5.3 -> 7.2", everything still works fine.
Comments
[08-57-26-Thu-Dec-2018] Failed to obtain SSL, issuing self-signed SSL for: locloc.club [08-58-52-Thu-Dec-2018] Trying to obtain SSL for: locloc.club and: www.locloc.com [08-59-08-Thu-Dec-2018] Failed to obtain SSL for: locloc.club and: www.locloc.com [08-59-08-Thu-Dec-2018] Trying to obtain SSL for: locloc.com [08-59-17-Thu-Dec-2018] Failed to obtain SSL, issuing self-signed SSL for: locloc.com
Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] locloc.com:Verify error:Invalid response from http://locloc.com/.well-known/acme-challenge/rgvqFe_ZGEgAcjFJNchQO4C0oIJKZ8VslFDZxIDONTU: Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] Please add '--debug' or '--log' to check more details. Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] locloc.com:Verify error:Invalid response from http://locloc.com/.well-known/acme-challenge/Pfm95pSj7gxwBcjfiG3yMpKq6HVK8QwCt-QEH29fw2w: Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] Please add '--debug' or '--log' to check more details. Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
1. DNS.
2. Some rewrite rule is conflicting
Centos 7
The problem is in the command:
cyberpanel issueSSL --domainName locloc.com
It can not add HTTPS webs to Cyberpanel and Openlitespeed
Oh, we canceled issuing self-signed SSL, is this what you want?
OMG, yes that's what I want. Why disable self-signed SSL, I feel it is very useful for sites that can not get a certificate from Let's Encrypt.
Besides, many websites use SSL from the cloudflare proxy and they just need a self-signed SSL in the backend Openlitespeed for thier site.
We can try to think of more good work around.
For the problem you mentioned, you can create an additional function to automatically check the SSL certificate of the domain and when you discover an invalid certificate you can request again certificate from "Let's encrypt" cycle.
cyberpanel issueSSL --domainName abc.com --privatekey /home/abc.com.key --publickey /home/abc.com.crt
Can you help me?
Can you help me?
Can you help me?
Can you help me?
Can you help me?
> (Quote)
> I already point domain to IP before, and today i try, have same error
I have a fix that worked for me. You can test it as you go.
Step 1 - Note your current cert timestamp with: `openssl x509 -noout -dates -in /etc/letsencrypt/live/YOURDOMAIN.COM/cert.pem`
- Note the timestamp for "notBefore"
Step 2 - Locate and manually edit your "acme.sh" script. Mine was in /home/cyberpanel, but yours may be in /root. Inside the file find and change the following lines:
Old Lines:
`DEFAULT_CA=$LETSENCRYPT_CA_V1`
`DEFAULT_STAGING_CA=$LETSENCRYPT_STAGING_CA_V1`
New Lines:
`DEFAULT_CA=$LETSENCRYPT_CA_V2`
`DEFAULT_STAGING_CA=$LETSENCRYPT_STAGING_CA_V2`
You're just changing the V1 to V2 for your defaults. It should work now when you force issue a cert on your domain in the next step.
Step 3 - Force issue new cert with:
`/root/.acme.sh/acme.sh --issue -d YOURDOMAIN.COM -d www.YOURDOMAIN.COM --cert-file /etc/letsencrypt/live/YOURDOMAIN.COM/cert.pem --key-file /etc/letsencrypt/live/YOURDOMAIN.COM/privkey.pem --fullchain-file /etc/letsencrypt/live/YOURDOMAIN.COM/fullchain.pem -w /home/YOURDOMAIN.COM/public_html --force --debug`
* Remember to change the paths in the above appropriately for your server
You should have a successful SSL install and can move on to double checking the date, by issuing the command from Step 1 and noting the timestamp, which should be just now.
Hope that helps!