SSL renewal check skipping expired certificates — CyberPanel - WebHosting Control Panel for OpenLiteSpeed
CyberLoader

SSL renewal check skipping expired certificates

edited January 18 in Bug Report
Environment: Cyberpanel v2.0 build 3
Server: Ubuntu 18.04
Host: DigitalOcean

Install type: OLS
Installation from official server

PROBLEM:

A client reported to me that he site was not accessible. It was due to the SSL certificate expiring on Jan 15th (four days ago).

Look in the /home/cyberpanel/error-logs.txt I can see the "Running SSL Renew Utility" output. It appears to be skipping certificates that are expired. At least it did in the case of this client's site.

For example:
- - - -
[01.16.2021_02-00-04] Checking SSL for DOMAIN.se.
[01.16.2021_02-00-04] SSL exists for DOMAIN.se. Checking if SSL will expire in 15 days..
[01.16.2021_02-00-04] SSL exists for DOMAIN.se and is not ready to renew, skipping..
- - - -

Yet the certificate expired on January 15th. See here: https://ibb.co/HVQ9mzs

This is obviously a major problem. But as there's no data in the log showing a failed renewal, I am not sure where to start troubleshooting the cause.

I've search the log back to Nov 15th, and there was never an instance of this SSL certificate being detected as requiring renewal. No renewal attempts have been made. No errors have been logged related to the renewal of this domain's SSL.


>>>>

Something else worth pointing out ...
I manually renewed the SSL for this domain with the SSL Manager ("Issue SSL").

The log out put was as follows:

- - - - -
[01.18.2021_20-36-09] /root/.acme.sh/acme.sh --issue -d DOMAIN.se -d www.DOMAIN.se --cert-file /etc/letsencrypt/live/DOMAIN.se/cert.pem --key-file /etc/letsencrypt/live/DOMAIN.se/privkey.pem --fullchain-file /etc/letsencrypt/live/DOMAIN.se/fullchain.pem -w /home/DOMAIN.se/public_html --force
[01.18.2021_20-36-17] Successfully obtained SSL for: DOMAIN.se and: www.DOMAIN.se
[01.18.2021_20-36-17] {'[email protected]': (550, b'5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table')}
- - - -

You'll see the last line is using a '[email protected]' email address. I am not sure what this is for, but such an address does not exist. Why would it?

I'd like to know if this error is of any consequence?

ALSO POSTED HERE:
https://github.com/usmannasir/cyberpanel/issues/518
(In case that's a better place to address bugs)
Tagged:
Tagged:

Comments

  • > @plumcake said:
    > +1

    Hi Plumcake. Have you still got this issue occurring, or have you already manually renewed the certificate? I'm guessing you've already renewed it. But, if not, please let me know. I'd like to have you decode the existing certificate and see if it has expired or was renewed.
    I've got a ticket on this here https://github.com/usmannasir/cyberpanel/issues/518, which explains a little more.
  • This issue continues to occur. I've now got multiple expired SSL certs that are being skipped.
  • I subscribed to Cyberpanel support. They checked the server, they said everything was fine. Damn not. Certificates have been a regular problem since then.
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!