can't renew SSL — CyberPanel - WebHosting Control Panel for OpenLiteSpeed
CyberLoader

can't renew SSL

Hi i have problem with my subdomain can't renew SSL Even Manual

when i try to issue i got this error in my Mail Log file

[06.24.2021_08-08-31] Trying to obtain SSL for: blog.Domain.com and: www.blog.Domain.com
[06.24.2021_08-08-31] /root/.acme.sh/acme.sh --issue -d blog.Domain.com -d www.blog.Domain.com --cert-file /etc/letsencrypt/live/blog.Domain.com/cert.pem --key-file /etc/letsencrypt/live/blog.Domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/blog.Domain.com/fullchain.pem -w /home/Domain.com/public_html/blog.Domain.com --force
[06.24.2021_08-08-32] Failed to obtain SSL for: blog.Domain.com and: www.blog.Domain.com
[06.24.2021_08-08-32] Trying to obtain SSL for: blog.Domain.com
[06.24.2021_08-08-32] Failed to obtain SSL, issuing self-signed SSL for: blog.Domain.com
[06.24.2021_08-08-34] Websites matching query does not exist. [installSSLForDomain:72]
[06.24.2021_08-08-34] Self signed SSL issued for blog.Domain.com.

im using
CyberPanel Latest Version 2.1

So what is wrong
Tagged:
Tagged:

Comments

  • Hi, can you please restart litespeed service and afterwards generate an SSL again with --debug at the end?
    ALTUSHOST.COM
  • [email protected]:~# /root/.acme.sh/acme.sh --issue -d blog.Domain.com -d ww w.blog.Domain.com --cert-file /etc/letsencrypt/live/blog.Domain.com/cert.pem --key-file /etc/letsencrypt/live/blog.Domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/blog.Domain.com/fullchain.pem -w /home/Domain.com/pub lic_html/blog.Domain.com --force --debug
    [Wed 30 Jun 2021 10:45:04 AM UTC] Lets find script dir.
    [Wed 30 Jun 2021 10:45:04 AM UTC] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Wed 30 Jun 2021 10:45:04 AM UTC] _script='/root/.acme.sh/acme.sh'
    [Wed 30 Jun 2021 10:45:04 AM UTC] _script_home='/root/.acme.sh'
    [Wed 30 Jun 2021 10:45:04 AM UTC] Using config home:/root/.acme.sh
    https://github.com/acmesh-official/acme.sh
    v3.0.0
    [Wed 30 Jun 2021 10:45:04 AM UTC] Running cmd: issue
    [Wed 30 Jun 2021 10:45:04 AM UTC] _main_domain='blog.Domain.com'
    [Wed 30 Jun 2021 10:45:04 AM UTC] _alt_domains='www.blog.Domain.com'
    [Wed 30 Jun 2021 10:45:04 AM UTC] Using config home:/root/.acme.sh
    [Wed 30 Jun 2021 10:45:04 AM UTC] default_acme_server
    [Wed 30 Jun 2021 10:45:04 AM UTC] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV 90'
    [Wed 30 Jun 2021 10:45:04 AM UTC] DOMAIN_PATH='/root/.acme.sh/blog.Domain.com'
    [Wed 30 Jun 2021 10:45:04 AM UTC] Using ACME_DIRECTORY: https://acme.zerossl.com /v2/DV90
    [Wed 30 Jun 2021 10:45:04 AM UTC] _init api for server: https://acme.zerossl.com /v2/DV90
    [Wed 30 Jun 2021 10:45:04 AM UTC] GET
    [Wed 30 Jun 2021 10:45:04 AM UTC] url='https://acme.zerossl.com/v2/DV90'
    [Wed 30 Jun 2021 10:45:04 AM UTC] timeout=
    [Wed 30 Jun 2021 10:45:04 AM UTC] _CURL='curl --silent --dump-header /root/.acme .sh/http.header -L -g '
    [Wed 30 Jun 2021 10:45:05 AM UTC] ret='0'
    [Wed 30 Jun 2021 10:45:05 AM UTC] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/D V90/keyChange'
    [Wed 30 Jun 2021 10:45:05 AM UTC] ACME_NEW_AUTHZ
    [Wed 30 Jun 2021 10:45:05 AM UTC] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV 90/newOrder'
    [Wed 30 Jun 2021 10:45:05 AM UTC] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/ DV90/newAccount'
    [Wed 30 Jun 2021 10:45:05 AM UTC] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/ DV90/revokeCert'
    [Wed 30 Jun 2021 10:45:05 AM UTC] ACME_AGREEMENT='https://secure.trust-provider. com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click .pdf'
    [Wed 30 Jun 2021 10:45:05 AM UTC] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV 90/newNonce'
    [Wed 30 Jun 2021 10:45:05 AM UTC] Le_NextRenewTime='1622197819'
    [Wed 30 Jun 2021 10:45:06 AM UTC] Using CA: https://acme.zerossl.com/v2/DV90
    [Wed 30 Jun 2021 10:45:06 AM UTC] _on_before_issue
    [Wed 30 Jun 2021 10:45:06 AM UTC] _chk_main_domain='blog.Domain.com'
    [Wed 30 Jun 2021 10:45:06 AM UTC] _chk_alt_domains='www.blog.Domain.com'
    [Wed 30 Jun 2021 10:45:06 AM UTC] Le_LocalAddress
    [Wed 30 Jun 2021 10:45:06 AM UTC] d='blog.Domain.com'
    [Wed 30 Jun 2021 10:45:06 AM UTC] Check for domain='blog.Domain.com'
    [Wed 30 Jun 2021 10:45:06 AM UTC] _currentRoot='/home/Domain.com/public_html/b log.Domain.com'
    [Wed 30 Jun 2021 10:45:06 AM UTC] d='www.blog.Domain.com'
    [Wed 30 Jun 2021 10:45:06 AM UTC] Check for domain='www.blog.Domain.com'
    [Wed 30 Jun 2021 10:45:06 AM UTC] _currentRoot='/home/Domain.com/public_html/b log.Domain.com'
    [Wed 30 Jun 2021 10:45:06 AM UTC] d
    [Wed 30 Jun 2021 10:45:06 AM UTC] config file is empty, can not read CA_KEY_HASH
    [Wed 30 Jun 2021 10:45:06 AM UTC] Using config home:/root/.acme.sh
    [Wed 30 Jun 2021 10:45:06 AM UTC] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV 90'
    [Wed 30 Jun 2021 10:45:06 AM UTC] _init api for server: https://acme.zerossl.com /v2/DV90
    [Wed 30 Jun 2021 10:45:06 AM UTC] RSA key
    [Wed 30 Jun 2021 10:45:06 AM UTC] config file is empty, can not read CA_EAB_KEY_ ID
    [Wed 30 Jun 2021 10:45:06 AM UTC] config file is empty, can not read CA_EAB_HMAC _KEY
    [Wed 30 Jun 2021 10:45:06 AM UTC] config file is empty, can not read CA_EMAIL
    [Wed 30 Jun 2021 10:45:06 AM UTC] No EAB credentials found for ZeroSSL, let's ge t one
    [Wed 30 Jun 2021 10:45:06 AM UTC] acme.sh is using ZeroSSL as default CA now.
    [Wed 30 Jun 2021 10:45:06 AM UTC] Please update your account with an email addre ss first.
    [Wed 30 Jun 2021 10:45:06 AM UTC] acme.sh --register-account -m [email protected]
    [Wed 30 Jun 2021 10:45:06 AM UTC] See: https://github.com/acmesh-official/acme.s h/wiki/ZeroSSL.com-CA
    [Wed 30 Jun 2021 10:45:06 AM UTC] _on_issue_err
    [Wed 30 Jun 2021 10:45:06 AM UTC] Please add '--debug' or '--log' to check more details.
    [Wed 30 Jun 2021 10:45:06 AM UTC] See: https://github.com/acmesh-official/acme.s h/wiki/How-to-debug-acme.sh
    [Wed 30 Jun 2021 10:45:06 AM UTC] Diagnosis versions:
    openssl:openssl
    OpenSSL 1.1.1f 31 Mar 2020
    apache:
    apache doesn't exist.
    nginx:
    nginx doesn't exist.
    socat:
    socat by Gerhard Rieger and contributors - see www.dest-unreach.org
    socat version 1.7.3.3 on Oct 26 2019 17:42:04
    running on Linux version #82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021, release 5.4.0-73-generic, machine x86_64
    features:
    #define WITH_STDIO 1
    #define WITH_FDNUM 1
    #define WITH_FILE 1
    #define WITH_CREAT 1
    #define WITH_GOPEN 1
    #define WITH_TERMIOS 1
    #define WITH_PIPE 1
    #define WITH_UNIX 1
    #define WITH_ABSTRACT_UNIXSOCKET 1
    #define WITH_IP4 1
    #define WITH_IP6 1
    #define WITH_RAWIP 1
    #define WITH_GENERICSOCKET 1
    #define WITH_INTERFACE 1
    #define WITH_TCP 1
    #define WITH_UDP 1
    #define WITH_SCTP 1
    #define WITH_LISTEN 1
    #define WITH_SOCKS4 1
    #define WITH_SOCKS4A 1
    #define WITH_PROXY 1
    #define WITH_SYSTEM 1
    #define WITH_EXEC 1
    #undef WITH_READLINE
    #define WITH_TUN 1
    #define WITH_PTY 1
    #define WITH_OPENSSL 1
    #undef WITH_FIPS
    #define WITH_LIBWRAP 1
    #define WITH_SYCLS 1
    #define WITH_FILAN 1
    #define WITH_RETRY 1
    #define WITH_MSGLEVEL 0 /*debug*/
    [email protected]:~#
  • i used this

    acme.sh --register-account -m [email protected]
    and my subdomain working now on ZeroSSl

    and my mail domain working with letsencrypt for 80 days

    after 80 days main domain will renew with ZeroSSL or letsencrypt
    or it will not renew automaic ???
  • and thanks for your Great help
  • Hi there,

    it should renew automatically with zerossl.

    If you want to use letsencrypt instead, run:
    /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

    or upgrade to the latest cp version in which letsencrypt is set as default: https://github.com/usmannasir/cyberpanel/commit/c598d7ae0c65cfb1ddd013c40a7ab37da7f2e832

    To manually remove the current certificate and install a new one, follow this guide: https://pcx3.com/cyberpanel/cyberpanel-self-signed-certificate-issue/

    Cheers!
    ALTUSHOST.COM
  • Type your comment> @stefanepejcic said:
    > Hi there,
    >
    > it should renew automatically with zerossl.
    >
    > If you want to use letsencrypt instead, run:
    > /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
    >
    > or upgrade to the latest cp version in which letsencrypt is set as default: https://github.com/usmannasir/cyberpanel/commit/c598d7ae0c65cfb1ddd013c40a7ab37da7f2e832
    >
    > To manually remove the current certificate and install a new one, follow this guide: https://pcx3.com/cyberpanel/cyberpanel-self-signed-certificate-issue/
    >
    > Cheers!

    thanks for Great help :)
  • Type your comment> @stefanepejcic said:
    > Hi there,
    >
    > it should renew automatically with zerossl.
    >
    > If you want to use letsencrypt instead, run:
    > /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
    >
    > or upgrade to the latest cp version in which letsencrypt is set as default: https://github.com/usmannasir/cyberpanel/commit/c598d7ae0c65cfb1ddd013c40a7ab37da7f2e832
    >
    > To manually remove the current certificate and install a new one, follow this guide: https://pcx3.com/cyberpanel/cyberpanel-self-signed-certificate-issue/
    >
    > Cheers!

    I had the same issue - upgraded to CyberPanel 2.1, but I still can't get it to do it automatically.
    When I copy paste the command as suggested in https://cyberpanel.net/docs/issuing-ssl-for-website/ it works, so I can restart the server and it will pick up the new certs, but I can't do it from the UI.
    Curious if you had the same experience....
  • Hi, sorry for such a late response..

    Yes, generating an SSL from the UI will overwrite this manually generated SSL.. the workaround is to define the usage of letsencrypt:
    /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt


    https://www.hostingbyalitech.com/blog/post/acme-now-uses-zerossl-here-what-you-need-do-your-cyberpanel

    Hope that works for you as well. Cheers
    ALTUSHOST.COM
  • I've had trouble with cyberpanel and Lets Encrypt for a while. This is the key->
    blog.Domain.com and: www.blog.Domain.com

    My bet is the www. version doesn't exist in the local zone file on the server.

    Try adding: www.blog.Domain.com to the zone file. Even if you don't use your server for DNS. If it still complains the same way you may need to create an A record entry at your DNS provider(assuming you aren't using the DNS function on cyberpanel).

    That has solved several issues I've run into in the newest version.
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!