CyberPanel: v2.3.1 OS: Centos 7

Hi, very much a beginner and feeling totally lost. I’ve been reading articles for two days straight but none the wiser.

Coming from shared hosting, I purchased VPS hosting and have setup a Wordpress website under the domain intervalle-arts.com.

I’d like to create e-mails for this website so I checked the option “Create Website/Additional features/Create Mail Domain”. This created the domain mail.intervalle-arts.com. I then edited the DNS CNAME (map, step, etc.) and added an MX record to point to this domain. I also added a TXT record with spf. I checked DNS checker after repopulating and everything looks good.

I issued SSL records for both the main domain (intervalle-arts.com) and the child domain (mail.intervalle-arts.com) via let’s encrypt via Cyberpanel OS. Cyberpanel says SSL certs were issued and valid for 89 days.

I debugged via SSH for intervalle-arts.com and mail.intervalle-arts.com and both return that SSL records are issued and stored in their respective folders.

[Fri Dec 2 04:41:43 UTC 2022] Your cert is in: /root/.acme.sh/mail.intervalle-arts.com/mail.intervalle-arts.com.cer
[Fri Dec 2 04:41:43 UTC 2022] Your cert key is in: /root/.acme.sh/mail.intervalle-arts.com/mail.intervalle-arts.com.key
[Fri Dec 2 04:41:43 UTC 2022] The intermediate CA cert is in: /root/.acme.sh/mail.intervalle-arts.com/ca.cer
[Fri Dec 2 04:41:43 UTC 2022] And the full chain certs is there: /root/.acme.sh/mail.intervalle-arts.com/fullchain.cer
[Fri Dec 2 04:41:43 UTC 2022] Installing cert to: /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem
[Fri Dec 2 04:41:43 UTC 2022] Installing key to: /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem
[Fri Dec 2 04:41:43 UTC 2022] Installing full chain to: /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
[Fri Dec 2 04:41:43 UTC 2022] _on_issue_success

The problem is, if I try to send a mail, I get a message saying that the R3 SSL certificate for mail.intervalle-arts has expired. According to my mail client:

ISRG Root X1 OK
(middle) R3 OK
mail.intervalle-arts.com R3 EXPIRED

If I check with SSL shopper everything looks good:
intervalle-arts.com SSL Checker
mail.intervalle-arts.com SSL Checker

I am totally new to this and totally lost. Have I done something wrong? Is there an option in Cyberpanel I’m missing? Is the whole mail.intervalle-arts.com domain a crazy idea and shouldn’t work?

Edit: here is SSL LABS report: https://www.ssllabs.com/ssltest/analyze.html?d=intervalle-arts.com&hideResults=on it gets an “A” ranking.

Edit: I’m also getting the “this site is not private” message and “NET::ERR_CERT_COMMON_NAME_INVALID” when I try to logon to CP OS. This is even though I’m forcing https. Chrome says I have an R3 cert from let’s encrypt issued yesterday and expires 2023. It also says this certificate is not valid.

Here is my cyberpanel LOG file

[12.01.2022_04-10-20] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-12-07] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-12-15] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-16-02] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-22-52] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-22-55] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-23-09] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-46-15] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_09-10-15] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_09-10-20] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_09-37-39] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_10-28-52] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.01.2022_10-28-52] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.01.2022_10-28-58] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.01.2022_10-28-58] Trying to obtain SSL for: mail.intervalle-arts.com
[12.01.2022_10-29-02] Successfully obtained SSL for: mail.intervalle-arts.com
[12.01.2022_10-29-02] Websites matching query does not exist. [installSSLForDomain:72]
[12.01.2022_10-29-36] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.01.2022_10-29-36] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.01.2022_10-29-42] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.01.2022_10-29-42] Trying to obtain SSL for: mail.intervalle-arts.com
[12.01.2022_10-29-47] Successfully obtained SSL for: mail.intervalle-arts.com
[12.01.2022_10-29-47] {‘email@mail.intervalle-arts.com’: (554, b’5.7.1 email@mail.intervalle-arts.com: Relay access denied’)}
[12.01.2022_10-29-47] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_00-00-04] [Errno 2] No such file or directory: ‘/home/cyberpanel/git’. [IncScheduler.git:90]
[12.02.2022_02-00-04] Running SSL Renew Utility
[12.02.2022_02-00-04] Checking SSL for intervalle-arts.com.
[12.02.2022_02-00-04] SSL exists for intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.02.2022_02-00-04] SSL exists for intervalle-arts.com and is not ready to renew, skipping…
[12.02.2022_02-00-04] Checking SSL for mail.intervalle-arts.com.
[12.02.2022_02-00-04] SSL exists for mail.intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.02.2022_02-00-04] SSL exists for mail.intervalle-arts.com and is not ready to renew, skipping…
[12.02.2022_04-20-05] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_04-20-05] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_04-20-11] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_04-20-11] Trying to obtain SSL for: mail.intervalle-arts.com
[12.02.2022_04-20-15] Successfully obtained SSL for: mail.intervalle-arts.com
[12.02.2022_04-20-16] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_05-39-13] https://api.github.com/repos/usmannasir/cyberpanel/commits?sha=v2.3.2
[12.02.2022_07-43-20] https://api.github.com/repos/usmannasir/cyberpanel/commits?sha=v2.3.2
[12.02.2022_08-21-57] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_08-21-57] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_08-22-02] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_08-22-02] Trying to obtain SSL for: mail.intervalle-arts.com
[12.02.2022_08-22-04] Failed to obtain SSL, issuing self-signed SSL for: mail.intervalle-arts.com
[12.02.2022_08-22-04] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_08-22-05] Self signed SSL issued for mail.intervalle-arts.com.
[12.02.2022_08-23-45] Trying to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.02.2022_08-23-45] /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_08-23-49] Successfully obtained SSL for: intervalle-arts.com and: www.intervalle-arts.com

Use below web url for testing mail SSL instead of web SSL site tester.

Many thanks for the tip! I out my domain in and got these results:

[000.261] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve X25519 DHE(253 bits)
Certificate #1 of 4 (sent by MX): EXPIRED
Cert VALIDATION ERROR(S): certificate has expired
So email is encrypted but the recipient domain is not verified
ssl : scheme=smtp cert=94173779150800
: identity=mail.intervalle-arts.com cn=mail.intervalle-arts.com alt=2 mail.intervalle-arts.com
Cert Hostname VERIFIED (mail.intervalle-arts.com = mail.intervalle-arts.com | DNS:mail.intervalle-arts.com)
cert not revoked by OCSP
Data:
Version: 3 (0x2)
Serial Number: 04:4a:ac:b7:79:00:5e:60:63:5b:45:50:8a:09:05:b3:6c:a7
Validity:
Not Before: Jul 22 05:41:22 2022 GMT
Not After: Oct 20 05:41:21 2022 GMT
Subject:
commonName = mail.intervalle-arts.com
Issuer:
countryName = US
organizationName = Let’s Encrypt
commonName = R3
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public Key Bits: (256 bit)
Modulus:
40:39:A7:32:05:57:15:D8:DC:46:45:78:42:C9:89:10
CD:17:6D:E7:B5:5F:DD:C4:53:E2:4C:7B:9B:01:4F:87
92:55:4B:17:21:81:D0:77:7E:3D:A4:7D:7F:FC:1E:1E
AE:21:D6:9D:AC:AD:96:5E:F4:51:CA:12:19:56:04:40
0
Exponent: n/a

So, the cert is out of date despite having reissued it multiple times. There are definitely issues with SSLs issued for mail.intervalle-arts.com (see above) but also the “host” as every time I logon to cyberpanel via https I’m told the connection is not private.

Edit: I tried turning mod security but it made no difference to the SSL cert being invalid. If I try to logon through https I get the message “Your connection is not private”. I’ve recently issued multiple SSLs via cyberpanel for “website”, “host”, and “mail server”.

Edit: here are my cyberpanel logs:

[12.01.2022_10-29-47] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_00-00-04] [Errno 2] No such file or directory: ‘/home/cyberpanel/git’. [IncScheduler.git:90]
[12.02.2022_02-00-04] Running SSL Renew Utility
[12.02.2022_02-00-04] Checking SSL for intervalle-arts.com.
[12.02.2022_02-00-04] SSL exists for intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.02.2022_02-00-04] SSL exists for intervalle-arts.com and is not ready to renew, skipping…
[12.02.2022_02-00-04] Checking SSL for mail.intervalle-arts.com.
[12.02.2022_02-00-04] SSL exists for mail.intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.02.2022_02-00-04] SSL exists for mail.intervalle-arts.com and is not ready to renew, skipping…
[12.02.2022_04-20-05] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_04-20-05] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_04-20-11] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_04-20-11] Trying to obtain SSL for: mail.intervalle-arts.com
[12.02.2022_04-20-15] Successfully obtained SSL for: mail.intervalle-arts.com
[12.02.2022_04-20-16] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_05-39-13] https://api.github.com/repos/usmannasir/cyberpanel/commits?sha=v2.3.2
[12.02.2022_07-43-20] https://api.github.com/repos/usmannasir/cyberpanel/commits?sha=v2.3.2
[12.02.2022_08-21-57] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_08-21-57] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_08-22-02] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_08-22-02] Trying to obtain SSL for: mail.intervalle-arts.com
[12.02.2022_08-22-04] Failed to obtain SSL, issuing self-signed SSL for: mail.intervalle-arts.com
[12.02.2022_08-22-04] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_08-22-05] Self signed SSL issued for mail.intervalle-arts.com.
[12.02.2022_08-23-45] Trying to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.02.2022_08-23-45] /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_08-23-49] Successfully obtained SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_00-00-03] [Errno 2] No such file or directory: ‘/home/cyberpanel/git’. [IncScheduler.git:90]
[12.03.2022_02-00-03] Running SSL Renew Utility
[12.03.2022_02-00-03] Checking SSL for intervalle-arts.com.
[12.03.2022_02-00-03] SSL exists for intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.03.2022_02-00-03] SSL exists for intervalle-arts.com and is not ready to renew, skipping…
[12.03.2022_02-00-03] Checking SSL for mail.intervalle-arts.com.
[12.03.2022_02-00-03] SSL exists for mail.intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.03.2022_02-00-03] SSL exists for mail.intervalle-arts.com and is not ready to renew, skipping…
[12.03.2022_04-23-55] Trying to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_04-23-55] /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.03.2022_04-23-59] Successfully obtained SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_04-27-16] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.03.2022_04-27-16] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.03.2022_04-27-22] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.03.2022_04-27-22] Trying to obtain SSL for: mail.intervalle-arts.com
[12.03.2022_04-27-23] Failed to obtain SSL, issuing self-signed SSL for: mail.intervalle-arts.com
[12.03.2022_04-27-23] Websites matching query does not exist. [installSSLForDomain:72]
[12.03.2022_04-27-23] Self signed SSL issued for mail.intervalle-arts.com.
[12.03.2022_04-28-07] Trying to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_04-28-07] /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.03.2022_04-28-09] Failed to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_04-28-09] Trying to obtain SSL for: intervalle-arts.com
[12.03.2022_04-28-12] Successfully obtained SSL for: intervalle-arts.com

Here are my DNS records just in case they might help:

A	www	0	93.188.165.29	14400	DeleteEdit
CNAME	smtp	0	mail.intervalle-arts.com	14400	DeleteEdit
CNAME	ftp	0	intervalle-arts.com	14400	DeleteEdit
CNAME	pop	0	mail.intervalle-arts.com	14400	DeleteEdit
CNAME	imap	0	mail.intervalle-arts.com	14400	DeleteEdit
A	mail	0	93.188.165.29	14400	DeleteEdit
A	ns2	0	93.188.165.29	14400	DeleteEdit
A	ns1	0	93.188.165.29	14400	DeleteEdit
AAAA	@	0	2a02:4780:1:1::1:86ad	14400	DeleteEdit
TXT	@	0	google-site-verification=JNEY-bL9Ar7W3Nohe4P1p9CjZ9MgQod1x5ASb7d-zBU	14400	DeleteEdit
TXT	@	0	v=spf1 a mx ip4:93.188.165.29 ~all	14400	DeleteEdit
MX	@	10	mail.intervalle-arts.com	14400	DeleteEdit
NS	@	0	ns1.dns-parking.com	14400	DeleteEdit
NS	@	0	ns2.dns-parking.com	14400	DeleteEdit
A	@	0	93.188.165.29	14400	DeleteEdit

Cyberpanel has one big problem, which using force SSL renew even current SSL is valid. In previous SSL renew request cyberpanel replace SSL file with self-signed SSL.
Restore the previous SSL files backup from root/.acme.sh/lookforfolder to actual path
also open the postfilx config file and add/correct SSL path.
Restart all services or restart server.
I can’t explain each point.
If you have little experience about Linux you will get success.

Hi, thanks for taking a look and for the advice. I’ll be honest, I have very little experience with Linux, but I’ll spend today researching what you advised and will try my best to solve the issue.

Edit: ran

/root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt

And got:

[Sun Dec 4 07:16:36 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 07:16:36 UTC 2022] Multi domain=‘DNS:intervalle-arts.com,DNS:www.intervalle-arts.com’
[Sun Dec 4 07:16:36 UTC 2022] Getting domain auth token for each domain
[Sun Dec 4 07:16:37 UTC 2022] Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: intervalle-arts.com,www.intervalle-arts.com, retry after 2022-12-04T12:59:58Z: see Duplicate Certificate Limit - Let's Encrypt”,
“status”: 429

1. So the SSL autorenewal run by Cyberpanel has caused Let’s Encrypt to stop issuing certs. I can’t find a button to turn it off. How do I deactivate it? Is there any way around the one week wait until I can issue an SSL cert ?

I have a couple of further questions (@josephgodwinke, perhaps you may be able to help):

2. Is this something Cyberpanel devs are aware of and have a workaround for? It has definitely increased the leaning curve for Cyberpanel and VPS newbies like myself!

3. So, both intervalle-arts.com and my mails server mail.intervalle-arts.com have self-signed SSLs, is the resolution the same for both? My mails are bouncing and every time I log onto Cyberpanel I get the “this server is not private” message.

4. Even if I resolve the auto-renew issue, am I going to have to play guessing games and applying fixes every time an SSL cert expires? I’d like to eventually use this domain for work and having client-facing e-mail addresses and websites stop responding is… well, not really a sustainable model.

Many thanks

Hello @Rofocale Happy you are here

Let’s go step by step. First disassociate CyberPanel with Let’s Encrypt this will help you solve any ssl issue.

First issue as quoted above means Let’s Encrypt Rate Limiting feature is in effect i believe at some point it was 5 issuances every week. Therefore we can see that CyberPanel has failed to reissue SSL several times but we dont know why.

To investigate lets use the command line https://community.cyberpanel.net/docs?category=51&topic=90#debugging-with-command-line-6

Here is the command

Kindly post the results here

Have you also checked how many certificates you have in ls /etc/letsencrypt/live/ look for the folders intervalle-arts.com and mail.intervalle-arts.com

and in nano /etc/dovecot/dovecot.conf look up a line of this nature

local_name mail.intervalle-arts.com {
        ssl_cert = </etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
        ssl_key = </etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem
}

The above steps will help us understand what the issue is.

Hi, @josephgodwinke

Many, many thanks for the reply!

Here are the results from the command:

[Sun Dec 4 10:04:04 UTC 2022] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] Lets find script dir.
[Sun Dec 4 10:04:04 UTC 2022] SCRIPT=‘/root/.acme.sh/acme.sh’
[Sun Dec 4 10:04:04 UTC 2022] _script=‘/root/.acme.sh/acme.sh’
[Sun Dec 4 10:04:04 UTC 2022] _script_home=‘/root/.acme.sh’
[Sun Dec 4 10:04:04 UTC 2022] Using config home:/root/.acme.sh
GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
v3.0.5
[Sun Dec 4 10:04:04 UTC 2022] Using server: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] Running cmd: issue
[Sun Dec 4 10:04:04 UTC 2022] _main_domain=‘mail.intervalle-arts.com’
[Sun Dec 4 10:04:04 UTC 2022] _alt_domains=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:04 UTC 2022] Using config home:/root/.acme.sh
[Sun Dec 4 10:04:04 UTC 2022] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Sun Dec 4 10:04:04 UTC 2022] DOMAIN_PATH=‘/root/.acme.sh/mail.intervalle-arts.com_ecc’
[Sun Dec 4 10:04:04 UTC 2022] Le_NextRenewTime=‘1675052415’
[Sun Dec 4 10:04:04 UTC 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] GET
[Sun Dec 4 10:04:04 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/directory’
[Sun Dec 4 10:04:04 UTC 2022] timeout=
[Sun Dec 4 10:04:04 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:04 UTC 2022] ret=‘0’
[Sun Dec 4 10:04:04 UTC 2022] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change’
[Sun Dec 4 10:04:04 UTC 2022] ACME_NEW_AUTHZ
[Sun Dec 4 10:04:04 UTC 2022] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Sun Dec 4 10:04:04 UTC 2022] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct’
[Sun Dec 4 10:04:04 UTC 2022] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert’
[Sun Dec 4 10:04:04 UTC 2022] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf’
[Sun Dec 4 10:04:04 UTC 2022] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce’
[Sun Dec 4 10:04:05 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:05 UTC 2022] _on_before_issue
[Sun Dec 4 10:04:05 UTC 2022] _chk_main_domain=‘mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] _chk_alt_domains=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] Le_LocalAddress
[Sun Dec 4 10:04:05 UTC 2022] d=‘mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] Check for domain=‘mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] _currentRoot=’/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:05 UTC 2022] d=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] Check for domain=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] _currentRoot=‘/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:05 UTC 2022] d
[Sun Dec 4 10:04:05 UTC 2022] _saved_account_key_hash is not changed, skip register account.
[Sun Dec 4 10:04:05 UTC 2022] Read key length:ec-256
[Sun Dec 4 10:04:05 UTC 2022] _createcsr
[Sun Dec 4 10:04:05 UTC 2022] Multi domain=‘DNS:mail.intervalle-arts.com,DNS:www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] Getting domain auth token for each domain
[Sun Dec 4 10:04:05 UTC 2022] d=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] d
[Sun Dec 4 10:04:05 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Sun Dec 4 10:04:05 UTC 2022] payload=‘{“identifiers”: [{“type”:“dns”,“value”:“mail.intervalle-arts.com”},{“type”:“dns”,“value”:“www.mail.intervalle-arts.com”}]}’
[Sun Dec 4 10:04:05 UTC 2022] RSA key
[Sun Dec 4 10:04:05 UTC 2022] HEAD
[Sun Dec 4 10:04:05 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce’
[Sun Dec 4 10:04:05 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g -I ’
[Sun Dec 4 10:04:05 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:05 UTC 2022] POST
[Sun Dec 4 10:04:05 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Sun Dec 4 10:04:05 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:06 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:06 UTC 2022] code=‘201’
[Sun Dec 4 10:04:06 UTC 2022] Le_LinkOrder=‘https://acme-v02.api.letsencrypt.org/acme/order/472180880/150223890647’
[Sun Dec 4 10:04:06 UTC 2022] Le_OrderFinalize=‘https://acme-v02.api.letsencrypt.org/acme/finalize/472180880/150223890647’
[Sun Dec 4 10:04:06 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/182492963977’
[Sun Dec 4 10:04:06 UTC 2022] payload
[Sun Dec 4 10:04:06 UTC 2022] POST
[Sun Dec 4 10:04:06 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/182492963977’
[Sun Dec 4 10:04:06 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:06 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:06 UTC 2022] code=‘200’
[Sun Dec 4 10:04:06 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/183791521697’
[Sun Dec 4 10:04:06 UTC 2022] payload
[Sun Dec 4 10:04:06 UTC 2022] POST
[Sun Dec 4 10:04:06 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/183791521697’
[Sun Dec 4 10:04:06 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:06 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:06 UTC 2022] code=‘200’
[Sun Dec 4 10:04:06 UTC 2022] d=‘mail.intervalle-arts.com’
[Sun Dec 4 10:04:06 UTC 2022] Getting webroot for domain=‘mail.intervalle-arts.com’
[Sun Dec 4 10:04:06 UTC 2022] _w=’/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] _currentRoot=’/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] entry=‘“type”:“http-01”,“status”:“valid”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ",“token”:“h5IBBtMxk-_yOOk6WOn9idg6H6cGscotHubi7AZfduY”,“validationRecord”:[{“url”:“http://mail.intervalle-arts.com/.well-known/acme-challenge/h5IBBtMxk-_yOOk6WOn9idg6H6cGscotHubi7AZfduY”,“hostname”:“mail.intervalle-arts.com”,“port”:“80”,“addressesResolved”:[“93.188.165.29”],“addressUsed”:"93.188.165.29”’
[Sun Dec 4 10:04:06 UTC 2022] token=‘h5IBBtMxk-_yOOk6WOn9idg6H6cGscotHubi7AZfduY’
[Sun Dec 4 10:04:06 UTC 2022] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ’
[Sun Dec 4 10:04:06 UTC 2022] keyauthorization=‘h5IBBtMxk-_yOOk6WOn9idg6H6cGscotHubi7AZfduY.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M’
[Sun Dec 4 10:04:06 UTC 2022] mail.intervalle-arts.com is already verified.
[Sun Dec 4 10:04:06 UTC 2022] keyauthorization=‘verified_ok’
[Sun Dec 4 10:04:06 UTC 2022] dvlist=‘mail.intervalle-arts.com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ#http-01#/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] d=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:06 UTC 2022] Getting webroot for domain=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:06 UTC 2022] _w=‘/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] _currentRoot=‘/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] entry=‘“type”:“http-01”,“status”:“pending”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw",“token”:"EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk”’
[Sun Dec 4 10:04:06 UTC 2022] token=‘EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk’
[Sun Dec 4 10:04:06 UTC 2022] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw’
[Sun Dec 4 10:04:06 UTC 2022] keyauthorization=‘EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M’
[Sun Dec 4 10:04:06 UTC 2022] dvlist=‘www.mail.intervalle-arts.com#EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M#https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw#http-01#/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] d
[Sun Dec 4 10:04:06 UTC 2022] vlist=‘mail.intervalle-arts.com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ#http-01#/usr/local/lsws/Example/html,www.mail.intervalle-arts.com#EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M#https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw#http-01#/usr/local/lsws/Example/html,’
[Sun Dec 4 10:04:06 UTC 2022] d=‘mail.intervalle-arts.com’
[Sun Dec 4 10:04:06 UTC 2022] mail.intervalle-arts.com is already verified, skip http-01.
[Sun Dec 4 10:04:07 UTC 2022] d=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:07 UTC 2022] ok, let’s start to verify
[Sun Dec 4 10:04:07 UTC 2022] mail.intervalle-arts.com is already verified, skip http-01.
[Sun Dec 4 10:04:07 UTC 2022] Verifying: www.mail.intervalle-arts.com
[Sun Dec 4 10:04:07 UTC 2022] d=‘www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:07 UTC 2022] keyauthorization=‘EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M’
[Sun Dec 4 10:04:07 UTC 2022] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw’
[Sun Dec 4 10:04:07 UTC 2022] _currentRoot=‘/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:07 UTC 2022] wellknown_path=‘/usr/local/lsws/Example/html/.well-known/acme-challenge’
[Sun Dec 4 10:04:07 UTC 2022] writing token:EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk to /usr/local/lsws/Example/html/.well-known/acme-challenge/EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk
[Sun Dec 4 10:04:07 UTC 2022] Changing owner/group of .well-known to root:root
[Sun Dec 4 10:04:07 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw’
[Sun Dec 4 10:04:07 UTC 2022] payload=‘{}’
[Sun Dec 4 10:04:07 UTC 2022] POST
[Sun Dec 4 10:04:07 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw’
[Sun Dec 4 10:04:07 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:07 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:07 UTC 2022] code=‘200’
[Sun Dec 4 10:04:07 UTC 2022] trigger validation code: 200
[Sun Dec 4 10:04:07 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Dec 4 10:04:07 UTC 2022] sleep 2 secs to verify again
[Sun Dec 4 10:04:10 UTC 2022] checking
[Sun Dec 4 10:04:10 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw’
[Sun Dec 4 10:04:10 UTC 2022] payload
[Sun Dec 4 10:04:10 UTC 2022] POST
[Sun Dec 4 10:04:10 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw’
[Sun Dec 4 10:04:10 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:10 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:10 UTC 2022] code=‘200’
[Sun Dec 4 10:04:10 UTC 2022] www.mail.intervalle-arts.com:Verify error:DNS problem: NXDOMAIN looking up A for www.mail.intervalle-arts.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.mail.intervalle-arts.com - check that a DNS record exists for this domain
[Sun Dec 4 10:04:10 UTC 2022] Debug: get token url.
[Sun Dec 4 10:04:10 UTC 2022] GET
[Sun Dec 4 10:04:10 UTC 2022] url=‘http://www.mail.intervalle-arts.com/.well-known/acme-challenge/EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk’
[Sun Dec 4 10:04:10 UTC 2022] timeout=1
[Sun Dec 4 10:04:10 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1’
[Sun Dec 4 10:04:11 UTC 2022] Please refer to libcurl - Error Codes for error code: 6
[Sun Dec 4 10:04:11 UTC 2022] ret=‘6’
[Sun Dec 4 10:04:11 UTC 2022] Debugging, skip removing: /usr/local/lsws/Example/html/.well-known/acme-challenge/EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk
[Sun Dec 4 10:04:11 UTC 2022] pid
[Sun Dec 4 10:04:11 UTC 2022] No need to restore nginx, skip.
[Sun Dec 4 10:04:11 UTC 2022] _clearupdns
[Sun Dec 4 10:04:11 UTC 2022] dns_entries
[Sun Dec 4 10:04:11 UTC 2022] skip dns.
[Sun Dec 4 10:04:11 UTC 2022] _on_issue_err
[Sun Dec 4 10:04:11 UTC 2022] Please add ‘–debug’ or ‘–log’ to check more details.
[Sun Dec 4 10:04:11 UTC 2022] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
[Sun Dec 4 10:04:11 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ’
[Sun Dec 4 10:04:11 UTC 2022] payload=’{}’
[Sun Dec 4 10:04:11 UTC 2022] POST
[Sun Dec 4 10:04:11 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ’
[Sun Dec 4 10:04:11 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:11 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:11 UTC 2022] code=‘200’
[Sun Dec 4 10:04:11 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw’
[Sun Dec 4 10:04:11 UTC 2022] payload=’{}’
[Sun Dec 4 10:04:11 UTC 2022] POST
[Sun Dec 4 10:04:11 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw’
[Sun Dec 4 10:04:11 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:11 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:11 UTC 2022] code=‘400’
[Sun Dec 4 10:04:11 UTC 2022] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2k-fips 26 Jan 2017
apache:
apache doesn’t exist.
nginx:
nginx doesn’t exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.2 on Jun 23 2017 10:19:11
running on Linux version #1 SMP Tue Jan 25 12:49:12 MSK 2022, release 3.10.0, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#define WITH_READLINE 1
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#define WITH_LIBWRAP 1
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /debug/
You have new mail in /var/spool/mail/root

Next, the contents of the live/ folder

[root@taro ~]# ls /etc/letsencrypt/live/
Nihon-noir.com mail.Nihon-noir.com mail.nihon-noir.com
intervalle-arts.com mail.intervalle-arts.com nihon-noir.com
[root@taro ~]#

I also found this in dovecot.conf

local_name mail.intervalle-arts.com {
ssl_cert = </etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem
}

Here is the issue. DNS problem for mail.intervalle-arts.com. Does this record appear in your CyberPanel DNS records ? Navigate to → https://SERVER_URL:8090/dns/addDeleteDNSRecords if not create it

Your DNS records are ok as reported here DNS Lookup - Check All DNS Records for Any Domain

Thanks! My DNS records are actually set in my Hostinger domain panel. There is an AAAA record for the IPv6 address (@) for the server. I’ve check in cyberpanel and there are also a number of entries in there too, but no AAAA record. Do I need one for mail.intervalle-arts.com? Also, should I delete all the cyberpanel DNS entries as I’m using the hostinger namesevers? There’s like a double dozen TXT records all saying the same three things.

CyberPanel generated duplicate records when you do particular actions on CyberPanel that generate DNS records.

Do not delete the records on CyberPanel just delete the duplicates.

From what you have presented I do not believe there is an issue with your DNS records at all.

Netx course of action is arguably the suitable option if all CyberPanel recommended options fail.

We will remove private keys and certificates at the Virtual Host Level for intervalle-arts.com

Go to OLS WebAdmin Console of your server i.e https://SERVER_URL:7080 use admin and password you chose for CyberPanel admin panel

If you cannot log in. Using SSH Terminal run adminPass add new password

Then you delete all private keys and certificates for respective website from server:

$ rm -f /etc/letsencrypt/live/intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem

$ rm -f /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem

$ rm -f /etc/letsencrypt/live/ssl.intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/ssl.intervalle-arts.com/fullchain.pem

Then issue the ssl for

1. Go to https://SERVER_IP:8090/manageSSL/manageSSL
2. Choose intervalle-arts.com
3. Click on Issue SSL

Then issue SSL for mailserver see below

References:

1. website ssl, 1 - Issuing SSL for website - Docs - CyberPanel Community
2. email server ssl 2 - SSL For PostFix/Dovecot - Docs - CyberPanel Community

Sidenote if you can migrate all your accounts to Cyberpnael server running on either AlmaLinux 8.4 or Ubuntu 20.04 LTS. Personally i recommend my customers to avoid Hostinger CyberPanel VPS products

Thanks again!

I’m having trouble with OLS as there is no tab for SSL in the settings page.

スクリーンショット 2022-12-04 20.24.392238×990 228 KB

EDIT: I wish I hadn’t gone with Hostinger. Unfortunately, they sold me a three year contract and I’m stuck with it. I will migrate as soon as I’m able.

My mistake! I found them under virtual severs.

I used the commands you gave in SSH and then logged out and back in again to OLS but the entries are still there. Does that mean the operation was unsuccessful? I check the files and a cert.pm files is still in (for example) the directory intervalle-arts.com

Hi! I followed the instructions you gave me until he end.

I removed the files from the folders listed by OLS. I checked they’d been removed. I then went into Cyberpanel and reissued SSLs. Unfortunately, they still result in self-signed certs (I check the folders again, and the .pem files were re-added.

I ran the previous script and got these results:

[root@taro intervalle-arts.com]# /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt

[Sun Dec 4 11:56:57 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory

[Sun Dec 4 11:56:57 UTC 2022] Multi domain='DNS:intervalle-arts.com,DNS:www.intervalle-arts.com'

[Sun Dec 4 11:56:57 UTC 2022] Getting domain auth token for each domain

[Sun Dec 4 11:56:58 UTC 2022] **Create new order error. Le_OrderFinalize not found. {**

**"type": "urn:ietf:params:acme:error:rateLimited",**

**"detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: intervalle-arts.com,www.intervalle-arts.com, retry after 2022-12-04T12:59:58Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",**

**"status": 429**

**}**

[Sun Dec 4 11:56:58 UTC 2022] **Please add '--debug' or '--log' to check more details.**

[Sun Dec 4 11:56:58 UTC 2022] **See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh**

Hey @Rofocale

Now you can’t renew ssl from LE because you server reached the limit(Rate Limits - Let's Encrypt).
Please share the followings command output

openssl x509 -text -noout -in /root/.acme.sh/intervalle-arts.com_ecc/backup/fullchain.bak | egrep “CN|Issuer|Not Before|Not After”
openssl x509 -text -noout -in /root/.acme.sh/intervalle-arts.com_ecc/fullchain.cer | egrep “CN|Issuer|Not Before|Not After”

openssl x509 -text -noout -in /root/.acme.sh/mail.intervalle-arts.com_ecc/backup/fullchain.bak | egrep “CN|Issuer|Not Before|Not After”

openssl x509 -text -noout -in /root/.acme.sh/mail.intervalle-arts.com_ecc/fullchain.cer | egrep “CN|Issuer|Not Before|Not After”

So we can decide what to do next.

hi, @luckyrajpurohit

Many thanks for the info. I tried the commands you suggested but I get the below message:

-bash: Not: command not found

-bash: Issuer: command not found

-bash: Not: command not found

share screenshot, it seem you made mistake with egrep command.

Sure!

スクリーンショット 2022-12-04 21.20.061166×454 116 KB

manually replace " by typing the " and run again. if still not working remove ’ | egrep “CN|Issuer|Not Before|Not After”’ the each command

Hi, I’m trying to do that but it keeps duplicating the text and I can’t just use the arrow keys to move to the text and edit it. Is there an easier way to do that?

Got it, sorry used a plain text editor. Apologies for the stupid question.

[root@taro ~]# openssl x509 -text -noout -in /root/.acme.sh/intervalle-arts.com_ecc/backup/fullchain.bak | egrep “CN|Issuer|Not Before|Not After”
Issuer: C=US, O=Let’s Encrypt, CN=R3
Not Before: Dec 3 06:13:46 2022 GMT
Not After : Mar 3 06:13:45 2023 GMT
Subject: CN=intervalle-arts.com
CA Issuers - URI:http://r3.i.lencr.org/
[root@taro ~]# openssl x509 -text -noout -in /root/.acme.sh/intervalle-arts.com_ecc/fullchain.cer | egrep “CN|Issuer|Not Before|Not After”
Issuer: C=US, O=Let’s Encrypt, CN=R3
Not Before: Dec 3 06:30:51 2022 GMT
Not After : Mar 3 06:30:50 2023 GMT
Subject: CN=intervalle-arts.com
CA Issuers - URI:http://r3.i.lencr.org/
[root@taro ~]#
[root@taro ~]# openssl x509 -text -noout -in /root/.acme.sh/mail.intervalle-arts.com_ecc/backup/fullchain.bak | egrep “CN|Issuer|Not Before|Not After”
Issuer: C=US, O=Let’s Encrypt, CN=R3
Not Before: Dec 1 09:29:46 2022 GMT
Not After : Mar 1 09:29:45 2023 GMT
Subject: CN=mail.intervalle-arts.com
CA Issuers - URI:http://r3.i.lencr.org/
[root@taro ~]#
[root@taro ~]# openssl x509 -text -noout -in /root/.acme.sh/mail.intervalle-arts.com_ecc/fullchain.cer | egrep “CN|Issuer|Not Before|Not After”
Issuer: C=US, O=Let’s Encrypt, CN=R3
Not Before: Dec 2 03:20:14 2022 GMT
Not After : Mar 2 03:20:13 2023 GMT
Subject: CN=mail.intervalle-arts.com
CA Issuers - URI:http://r3.i.lencr.org/
[root@taro ~]#

1. exit ssh and login again
2. copy all command shared by me to any text editor >> made changes >> copy paste to terminal

Hi, sorry. Just did that please see above output. Thanks

Run following coomands and test ssl on SSL Checker

openssl x509 -inform der -in /root/.acme.sh/intervalle-arts.com_ecc/fullchain.cer -out /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem
openssl rsa -in /root/.acme.sh/intervalle-arts.com_ecc/intervalle-arts.com.key -text > /etc/letsencrypt/live/intervalle-arts.com/privkey.pem

openssl x509 -inform der -in /root/.acme.sh/mail.intervalle-arts.com_ecc/fullchain.cer -out /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
openssl rsa -in /root/.acme.sh/mail.intervalle-arts.com_ecc/mail.intervalle-arts.com.key -text > /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem

service lsws restart && service lscpd restart

Thanks, just running the first command and I get the below error:

スクリーンショット 2022-12-04 21.45.221514×326 125 KB

ok,
try like this
cat /root/.acme.sh/intervalle-arts.com_ecc/fullchain.cer > /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem
cat /root/.acme.sh/intervalle-arts.com_ecc/intervalle-arts.com.key > /etc/letsencrypt/live/intervalle-arts.com/privkey.pem

Great! Should I run the same one with mail.intervalle-arts.com too?

yes, please
Make sure sourefile and destination is correct

Nice, ok. I did both and no errors via ssh. I checked on SSL Checker but it says that both intervalle-arts.com and mail.intervalle-arts.com are self-signed.

スクリーンショット 2022-12-04 22.02.091528×970 229 KB

スクリーンショット 2022-12-04 22.02.221528×1006 218 KB

Did you restart lsws and lscpd?
The primary domain SSL is perfect but you made mistake dring mail SSL.

cat /root/.acme.sh/mail.intervalle-arts.com_ecc/fullchain.cer > /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
cat /root/.acme.sh/mail.intervalle-arts.com_ecc/intervalle-arts.com.key > /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem

service lsws restart && service lscpd restart

Thanks! I just noticed that. I re-ran the command you gave me and I try SSL checker but I get the below:

スクリーンショット 2022-12-04 22.11.261528×1366 301 KB

Also, should I rerun it for www.intervalle-arts.com as well? Intervalle-arts.com is now displaying as secure! Hopefully, mail.intervalle-arts.com is next

read this and try

I did but I’m still getting the same result…

Then, how mail domain loading the parent domain SSL. Please re-run given command for mail only. also share history command output and later /usr/local/lsws/conf/httpd_config.conf content

Ah, my mistake. It is saying no such file or directory:

スクリーンショット 2022-12-04 22.21.571694×528 176 KB

did you find the mistake or still not? i gave correctly.

I copied and pasted but I think that there may be something missing on the server:

cat: /root/.acme.sh/mail.intervalle-arts.com_ecc/intervalle-arts.com.key: No such file or directory

The contents of that directory:

[root@taro mail.intervalle-arts.com_ecc]# ls
backup fullchain.cer mail.intervalle-arts.com.conf mail.intervalle-arts.com.csr.conf
ca.cer mail.intervalle-arts.com.cer mail.intervalle-arts.com.csr mail.intervalle-arts.com.key
[root@taro mail.intervalle-arts.com_ecc]#

cat /root/.acme.sh/mail.intervalle-arts.com_ecc/fullchain.cer > /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
cat /root/.acme.sh/mail.intervalle-arts.com_ecc/mail.intervalle-arts.com.key > /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem

Great! It now says the SSL is OK! Thanks!

Would I do the same thing for www.intervalle-arts.com?

Also, what about the Cyberpanel autorenew function and what would happen when the cert expires?

Thanks again for all the help. Bit of an update: I’m still having issues with mail exchanges recognising the new SSL, they still show the expired one. Also, when I test on //email/testTo: I get the both results.

スクリーンショット 2022-12-04 22.49.221738×1328 351 KB

I also tried to check the SSL on geocerts and got this:

スクリーンショット 2022-12-04 22.57.301500×1314 127 KB

i was talking about SSL button not about renew cron. Also, sometimes lsws not getting restart even after sucessful renew by cron. so you can set lsws restart cron once a week.
Don’t use Cyberpanel SSL renew button showing on website listing page more than once. if first time its not working then run from commandline with --debug option for finding issue.

For now run below commands:
cat /root/.acme.sh/intervalle-arts.com_ecc/backup/fullchain.bak> /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem
cat /root/.acme.sh/intervalle-arts.com_ecc/backup/key.bak > /etc/letsencrypt/live/intervalle-arts.com/privkey.pem
rm /etc/pki/dovecot/certs/dovecot.pem /etc/pki/dovecot/private/dovecot.pem
ln -s /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem /etc/pki/dovecot/certs/dovecot.pem
ln -s /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem /etc/pki/dovecot/private/dovecot.pem
service lsws restart && service postfix restart && service dovecot restart

tail -n 4 /etc/dovecot/dovecot.conf
#make sure above tail command output have without #
#local_name mail.intervalle-arts.com {

ssl_cert = </etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem

ssl_key = </etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem

#}

if you are not able to get www SSL working, Please renew SSL after limit ban removal. or try other SSL like zero SSL instead of LE.
Hope everything will be fine.

Hi @luckyrajpurohit @josephgodwinke. Sorry to bother you again, but I’m getting some very odd errors since yesterday evening.

I received a couple of mails from Cyberpanel Log:

The first:

[12.05.2022_00-00-06] [Errno 2] No such file or directory: ‘/home/cyberpanel/git’. [IncScheduler.git:90].

The second:

[12.05.2022_02-00-04] [Errno 2] No such file or directory: ‘postmap’: ‘postmap’. [ProcessUtilities.normalExecutioner.Base].
[12.05.2022_02-00-04] Running SSL Renew Utility.

The third:

[12.05.2022_03-05-32] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’).
[12.05.2022_03-05-32] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’).

I exported the CYBERPANEL LOG below:

[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-29] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-00-31] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-01-50] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-02-04] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-05-32] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.05.2022_03-05-32] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)

Also, the ERROR LOG:

2022-12-05 03:00:56.035912 [NOTICE] [26034] [UDP [::]:443] Worker #2 activates SO_REUSEPORT #2 socket, fd: 36
2022-12-05 03:00:56.035922 [INFO] [26034] [UDP:[::]:443] initPacketsIn: allocated 100 packets
2022-12-05 03:00:56.035932 [NOTICE] [26034] Stop listener :7080, fd 21.
2022-12-05 03:00:56.035932 [INFO] [26033] [lsphp]: locked pid file [/tmp/lshttpd/lsphp.sock.pid].
2022-12-05 03:00:56.035926 [INFO] [26035] Close SO_REUSEPORT #1 fd: 23.
2022-12-05 03:00:56.035948 [INFO] [26033] [lsphp] remove unix socket for detached process: /tmp/lshttpd/lsphp.sock
2022-12-05 03:00:56.035955 [INFO] [26035] Close SO_REUSEPORT #2 fd: 24.
2022-12-05 03:00:56.035960 [NOTICE] [26035] [:80] Worker #3 activates SO_REUSEPORT #3 socket, fd: 25
2022-12-05 03:00:56.035984 [INFO] [26035] Close SO_REUSEPORT #1 fd: 26.
2022-12-05 03:00:56.035989 [INFO] [26035] Close SO_REUSEPORT #2 fd: 27.
2022-12-05 03:00:56.035993 [NOTICE] [26035] [*:443] Worker #3 activates SO_REUSEPORT #3 socket, fd: 28
2022-12-05 03:00:56.036005 [INFO] [26035] Close SO_REUSEPORT #1 fd: 29.
2022-12-05 03:00:56.036009 [INFO] [26035] Close SO_REUSEPORT #2 fd: 30.
2022-12-05 03:00:56.036013 [NOTICE] [26035] [UDP *:443] Worker #3 activates SO_REUSEPORT #3 socket, fd: 31
2022-12-05 03:00:56.036016 [NOTICE] [26033] [LocalWorker::workerExec] Config[lsphp]: suExec uid 99 gid 99 cmd /usr/local/lsws/lsphp73/bin/lsphp, final uid 99 gid 99, flags: 0.
2022-12-05 03:00:56.036044 [INFO] [26035] [UDP:0.0.0.0:443] initPacketsIn: allocated 100 packets
2022-12-05 03:00:56.036055 [INFO] [26035] Close SO_REUSEPORT #1 fd: 32.
2022-12-05 03:00:56.036059 [INFO] [26035] Close SO_REUSEPORT #2 fd: 33.
2022-12-05 03:00:56.036063 [NOTICE] [26035] [[::]:443] Worker #3 activates SO_REUSEPORT #3 socket, fd: 34
2022-12-05 03:00:56.036069 [INFO] [26035] Close SO_REUSEPORT #1 fd: 35.
2022-12-05 03:00:56.036073 [INFO] [26035] Close SO_REUSEPORT #2 fd: 36.
2022-12-05 03:00:56.036076 [NOTICE] [26034] AIO is not supported on this machine!
2022-12-05 03:00:56.036077 [NOTICE] [26035] [UDP [::]:443] Worker #3 activates SO_REUSEPORT #3 socket, fd: 37
2022-12-05 03:00:56.036093 [INFO] [26035] [UDP:[::]:443] initPacketsIn: allocated 100 packets
2022-12-05 03:00:56.036099 [NOTICE] [26035] Stop listener *:7080, fd 21.
2022-12-05 03:00:56.036109 [NOTICE] [26034] Successfully change current user to nobody
2022-12-05 03:00:56.036123 [NOTICE] [26034] Core dump is enabled.
2022-12-05 03:00:56.036151 [NOTICE] [26034] Setup swapping space…
2022-12-05 03:00:56.036193 [NOTICE] [26034] LiteSpeed/1.7.16 Open starts successfully!
2022-12-05 03:00:56.036240 [NOTICE] [26035] AIO is not supported on this machine!
2022-12-05 03:00:56.036275 [NOTICE] [26035] Successfully change current user to nobody
2022-12-05 03:00:56.036287 [NOTICE] [26035] Core dump is enabled.
2022-12-05 03:00:56.036312 [NOTICE] [26035] Setup swapping space…
2022-12-05 03:00:56.036353 [NOTICE] [26035] LiteSpeed/1.7.16 Open starts successfully!
2022-12-05 03:00:56.036375 [NOTICE] [26033] [lsphp] add child process pid: 26036
2022-12-05 03:00:56.036421 [INFO] [26033] [lsphp]: unlocked pid file [/tmp/lshttpd/lsphp.sock.pid].
2022-12-05 03:00:56.036477 [INFO] [26033] [inter46336157.990]: locked pid file [/tmp/lshttpd/inter46336157.sock.pid].
2022-12-05 03:00:56.036482 [INFO] [26033] [inter46336157.990] remove unix socket for detached process: /tmp/lshttpd/inter46336157.sock
2022-12-05 03:00:56.036526 [NOTICE] [26033] [LocalWorker::workerExec] VHost:mail.intervalle-arts.com suExec check uid 99 gid 99 setuidmode 0.
2022-12-05 03:00:56.036532 [NOTICE] [26033] [LocalWorker::workerExec] Config[inter46336157.990]: suExec uid 5002 gid 5002 cmd /usr/local/lsws/lsphp73/bin/lsphp, final uid 5002 gid 5002, flags: 0.
2022-12-05 03:00:56.041349 [NOTICE] [26033] [inter46336157.990] add child process pid: 26037
2022-12-05 03:00:56.041415 [INFO] [26033] [inter46336157.990]: unlocked pid file [/tmp/lshttpd/inter46336157.sock.pid].
2022-12-05 03:00:56.041474 [INFO] [26033] [inter4633.990]: locked pid file [/tmp/lshttpd/inter4633.sock.pid].
2022-12-05 03:00:56.041480 [INFO] [26033] [inter4633.990] remove unix socket for detached process: /tmp/lshttpd/inter4633.sock
2022-12-05 03:00:56.041535 [NOTICE] [26033] [LocalWorker::workerExec] VHost:intervalle-arts.com suExec check uid 99 gid 99 setuidmode 0.
2022-12-05 03:00:56.041543 [NOTICE] [26033] [LocalWorker::workerExec] Config[inter4633.990]: suExec uid 5002 gid 5002 cmd /usr/local/lsws/lsphp74/bin/lsphp, final uid 5002 gid 5002, flags: 0.
2022-12-05 03:00:56.041794 [NOTICE] [26033] [inter4633.990] add child process pid: 26038
2022-12-05 03:00:56.041846 [INFO] [26033] [inter4633.990]: unlocked pid file [/tmp/lshttpd/inter4633.sock.pid].
2022-12-05 03:00:56.041875 [NOTICE] [26033] Setup swapping space…
2022-12-05 03:00:56.041957 [NOTICE] [26033] LiteSpeed/1.7.16 Open starts successfully!

Aslo, if the auto-renewal is running via Cyberpanel and requesting certs from Let’s Encrypt, does that mean the limit ban will just keep continuing forever?

Outgoing emails are being rejected. Are you sendin bulk emails? Your postfix MTA is opening so many concurrent connections at a single time 03-00-29

Solution: As explained here Postfix Configuration Parameters run the command nano /etc/postfix-out/main.cf or vi /etc/postfix-out/main.cf on AlmaLinux and change

# Don't anvil(8) control the re-injection port.
#
# smtpd_client_connection_count_limit = 0
# 50 concurrent connections
smtpd_client_connection_count_limit = 50 

Read here:

Hi! No, I’ve only sent two or three mails out to test the new SSLs. I’ve checked all the mails and there’s nothing outgoing or stuck in a queue. What could be causing this? Maybe something I did yesterday while trying to fix the SSL issue?

I read the article on rate limits, but if Cyberpanel is requesting new SSLs every day via auto renew doesn’t that mean that the limit will be hit again an again and again?

I believe @luckyrajpurohit gave you the proper way to solve this issue rather than my delete-all-start-all-over again method. I have taken the time to look over his/her steps and they look okay to me.

Did you do anything extra out of what he/she posted?

Thanks for the reply, I haven’t done anything extra at all. I honestly wouldn’t know how!

I just want to check the below questions before I proceed with @luckyrajpurohit 's fix as things are getting a little confusing for me.

1. for the multiple connections issue. In cyberpanel how can I diagnose the cause of these hundreds of connections? Also, should I do the Postfix Configuration Parameters you suggested? I filled the nano command but there was no such document.

2. the limit ban with Let’s Encrypt. For this ban to be lifted, I mustn’t request/renew my SSL for one week. But everyday, Cyberpanel is renewing SSL automatically, so I will never escape the ban. Is this correct?

3. after, should I know run the fix from @luckyrajpurohit to solve the issues from my previous post?

Thanks again, I’m sorry this is taking so long.

Hello,

1. Check mail logs, auth/message logs for the multiple connections issue
2. cyberpanel renewal script run everyday but not requesting the LE server for SSL till ssl not expiring in next 15 days.
3. check SPF and DKIM if Outgoing emails are being rejected.

Hi, @luckyrajpurohit I appreciate the breakdown, many thanks.

I have new errors today. I didn’t touch anything yesterday other than look at logs, but now cyberpanel is reporting multiple errors.

1. My mail client was unable to connect to my e-mail sever this morning at the same time Cyberpanel was running the auto-renewal SSL function. I got a sever 500 error in Cyberpanle and the mail client error was:

I checked the EMAIL logs in cyberpanel and got this:

Dec 6 03:01:41 taro postfix/trivial-rewrite[69828]: warning: virtual_mailbox_domains lookup failure
Dec 6 03:01:47 taro postfix/trivial-rewrite[69828]: warning: virtual_mailbox_domains: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf: table lookup problem
Dec 6 03:01:49 taro postfix/trivial-rewrite[69828]: warning: virtual_mailbox_domains lookup failure
Dec 6 03:01:55 taro postfix/smtpd[69900]: NOQUEUE: reject: RCPT from o19837159x89.outbound-mail.sendgrid.net[198.37.159.89]: 451 4.3.0 chris.hayes@intervalle-arts.com: Temporary lookup failure; from=bounces+5900088-83b4-chris.hayes=intervalle-arts.com@sendgrid.net to=chris.hayes@intervalle-arts.com proto=ESMTP helo=<o19837159x89.outbound-mail.sendgrid.net>
Dec 6 03:01:55 taro postfix/smtpd[69900]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient “chris.hayes@intervalle-arts.com” from client “o19837159x89.outbound-mail.sendgrid.net[198.37.159.89]”
Dec 6 03:01:55 taro postfix/smtpd[69900]: disconnect from o19837159x89.outbound-mail.sendgrid.net[198.37.159.89] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Dec 6 03:01:55 taro dovecot: auth-worker(70068): Error: mysql(localhost): Connect failed to database (cyberpanel): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2 “No such file or directory”) - waiting for 125 seconds before retry
Dec 6 03:01:55 taro dovecot: auth-worker(70068): Error: mysql(localhost): Connect failed to database (cyberpanel): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2 “No such file or directory”) - waiting for 125 seconds before retry
Dec 6 03:01:55 taro dovecot: auth-worker(70068): Error: mysql(localhost): Connect failed to database (cyberpanel): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2 “No such file or directory”) - waiting for 125 seconds before retry
Dec 6 03:01:55 taro dovecot: auth-worker(70068): Error: mysql(localhost): Connect failed to database (cyberpanel): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2 “No such file or directory”) - waiting for 125 seconds before retry
Dec 6 03:02:15 taro spamd[70019]: spamd: server killed by SIGTERM, shutting down
Dec 6 03:02:15 taro dovecot: auth-worker(70068): Error: sqlpool(mysql): Finished query ‘SELECT email as user, password FROM e_users WHERE email=‘chris.hayes@intervalle-arts.com’;’ in 60018 msecs: Query timed out (no free connections for 60 secs)
Dec 6 03:02:15 taro dovecot: auth-worker(70068): Error: conn unix:auth-worker (pid=69764,uid=0): auth-worker<1>: sql(chris.hayes@intervalle-arts.com,203.10.99.13,<QUuPAiDvI/3LCmMN>): Password query failed: Not connected to database
Dec 6 03:02:15 taro dovecot: auth: Error: auth-worker: Aborted PASSV request for chris.hayes@intervalle-arts.com: Lookup timed out
Dec 6 03:02:15 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=86.48.13.251, lip=93.188.165.29, mpid=70138, TLS, session=<w9uf/x/v0PRWMA37>
Dec 6 03:02:15 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=86.48.13.251, lip=93.188.165.29, mpid=70141, TLS, session=<1BHGByDvK/VWMA37>
Dec 6 03:02:15 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=86.48.13.251, lip=93.188.165.29, mpid=70143, TLS, session=
Dec 6 03:02:16 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=86.48.13.251, lip=93.188.165.29, mpid=70145, TLS, session=
Dec 6 03:02:16 taro dovecot: imap(chris.hayes@intervalle-arts.com)<70145>: Disconnected: Logged out in=36 out=555 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Dec 6 03:02:17 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=203.10.99.13, lip=93.188.165.29, mpid=70146, TLS, session=<QUuPAiDvI/3LCmMN>
Dec 6 03:02:21 taro spamd[70149]: logger: removing stderr method
Dec 6 03:02:21 taro spamd[70153]: spamd: server started on IO::Socket::IP [127.0.0.1]:783, IO::Socket::IP [::1]:783 (running version 3.4.0)
Dec 6 03:02:27 taro spamd[70153]: spamd: server pid: 70153
Dec 6 03:02:27 taro spamd[70153]: spamd: server successfully spawned child process, pid 70155
Dec 6 03:02:27 taro spamd[70153]: spamd: server successfully spawned child process, pid 70156
Dec 6 03:02:27 taro spamd[70153]: prefork: child states: IS
Dec 6 03:02:27 taro spamd[70153]: prefork: child states: II
Dec 6 03:02:27 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=203.10.99.13, lip=93.188.165.29, mpid=70157, TLS, session=<kdQ5CCDvK/3LCmMN>
Dec 6 03:02:27 taro dovecot: imap(chris.hayes@intervalle-arts.com)<70143>: Disconnected: Logged out in=697 out=6699 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Dec 6 03:02:58 taro postfix/smtpd[69900]: connect from o19837159x89.outbound-mail.sendgrid.net[198.37.159.89]
Dec 6 03:02:58 taro postfix/smtpd[69900]: NOQUEUE: reject: RCPT from o19837159x89.outbound-mail.sendgrid.net[198.37.159.89]: 451 4.3.0 chris.hayes@intervalle-arts.com: Temporary lookup failure; from=bounces+5900088-83b4-chris.hayes=intervalle-arts.com@sendgrid.net to=chris.hayes@intervalle-arts.com proto=ESMTP helo=<o19837159x89.outbound-mail.sendgrid.net>
Dec 6 03:02:58 taro postfix/smtpd[69900]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient “chris.hayes@intervalle-arts.com” from client “o19837159x89.outbound-mail.sendgrid.net[198.37.159.89]”
Dec 6 03:02:58 taro postfix/smtpd[69900]: disconnect from o19837159x89.outbound-mail.sendgrid.net[198.37.159.89] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Dec 6 03:02:58 taro postfix/smtpd[69900]: connect from localhost[::1]
Dec 6 03:02:58 taro postfix/smtpd[69900]: NOQUEUE: reject: RCPT from localhost[::1]: 451 4.3.0 Chris.Hayes@intervalle-arts.com: Temporary lookup failure; from=root@taro.intervalle-arts.com to=Chris.Hayes@intervalle-arts.com proto=ESMTP helo=<taro.intervalle-arts.com>
Dec 6 03:02:58 taro postfix/smtpd[69900]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient “Chris.Hayes@intervalle-arts.com” from client “localhost[::1]”
Dec 6 03:02:58 taro postfix/smtpd[70165]: connect from localhost[::1]
Dec 6 03:02:58 taro postfix/smtpd[70165]: 827FDC00A2: client=localhost[::1]
Dec 6 03:02:58 taro postfix/cleanup[70170]: 827FDC00A2: message-id=20221206030257.827FDC00A2@mail.intervalle-arts.com
Dec 6 03:02:58 taro opendkim[496]: 827FDC00A2: no signing table match for ‘root@taro.intervalle-arts.com’
Dec 6 03:02:58 taro opendkim[496]: 827FDC00A2: no signature data
Dec 6 03:02:59 taro postfix/qmgr[68174]: 827FDC00A2: from=root@taro.intervalle-arts.com, size=605, nrcpt=1 (queue active)
Dec 6 03:03:00 taro postfix/smtpd[70165]: disconnect from localhost[::1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Dec 6 03:03:00 taro postfix/smtpd[69900]: lost connection after RSET from localhost[::1]
Dec 6 03:03:00 taro postfix/smtpd[69900]: disconnect from localhost[::1] ehlo=1 mail=1 rcpt=0/1 rset=1 commands=3/4
Dec 6 03:03:00 taro postfix/pipe[70172]: 827FDC00A2: to=chris.hayes@intervalle-arts.com, relay=dovecot, delay=0.11, delays=0.09/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
Dec 6 03:03:00 taro postfix/qmgr[68174]: 827FDC00A2: removed
Dec 6 03:03:07 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=203.10.99.13, lip=93.188.165.29, mpid=70190, TLS, session=
Dec 6 03:03:56 taro dovecot: imap(chris.hayes@intervalle-arts.com)<70157><kdQ5CCDvK/3LCmMN>: Disconnected: Logged out in=320 out=1940 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Dec 6 03:04:26 taro dovecot: imap(chris.hayes@intervalle-arts.com)<70146><QUuPAiDvI/3LCmMN>: Disconnected: Logged out in=1424 out=3264 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

2. I received this error in an e-mail report from Cyberpanel at the same time it was running the SSL auto-renewal function:

[12.06.2022_03-02-57] {‘Chris.Hayes@intervalle-arts.com’: (451, b’4.3.0 <Chris.Hayes@intervalle-arts.com>: Temporary lookup failure’)}.

3. I also received this error in a separate report at the same time as (2):

[12.06.2022_02-00-03] [Errno 2] No such file or directory: ‘postmap’: ‘postmap’. [ProcessUtilities.normalExecutioner.Base].

4. earlier this morning I received this error report:

[12.06.2022_00-00-05] [Errno 2] No such file or directory: ‘/home/cyberpanel/git’. [IncScheduler.git:90].

5. I’ve been getting regular Server 500 errors while logged onto Cyberpanel.

6. I’m still getting the “too many connections errors” In Cyberpanel main log. It’s about the same time as yesterday, could there be a process causing this?:

[12.06.2022_03-34-28] (421, b’4.7.0 mail.intervalle-arts.com Error: too many connections from ::1’)
[12.06.2022_03-34-28] maximum recursion depth exceeded while calling a Python object

7. DKIM errors (see below)

I really, really appreciate the help from you both, but I feel like I might be making things worse!!!

@luckyrajpurohit thanks for your feedback:

1. I’ve posted my mail log above, I searched but I couldn’t find the auth/message logs.

2. Thanks! But check says Certificate #1 is still expired, so I think the auto-renewal for LE is still requesting.
   

   

   スクリーンショット 2022-12-06 12.42.301752×1106 181 KB

3. I’ve checked SPF and DKIM on SPF Checker - SPF Lookup and https://dmarcian.com/dkim-inspector/ SPF is OK. For DKIM (“intervalle-arts.com” and selector = default) they both say “no DKIM record found”.

If I go into DKIM manager in Cyberpanel it says “key successfully fetched” and displays key, but when I look at the Cyberpanle error log it says

[12.06.2022_04-49-06] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command '[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1…

Quick addition:

I’m refreshing my e-mail logs and even though I’m not using my mail address for anything, I can see that a process “spamd” is running over and over.

Dec 6 05:13:59 taro spamd[75036]: spamd: server killed by SIGTERM, shutting down
Dec 6 05:13:59 taro spamd[75070]: logger: removing stderr method
Dec 6 05:14:01 taro spamd[75074]: spamd: server started on IO::Socket::IP [127.0.0.1]:783, IO::Socket::IP [::1]:783 (running version 3.4.0)
Dec 6 05:14:01 taro spamd[75074]: spamd: server pid: 75074
Dec 6 05:14:01 taro spamd[75074]: spamd: server successfully spawned child process, pid 75075
Dec 6 05:14:01 taro spamd[75074]: spamd: server successfully spawned child process, pid 75076
Dec 6 05:14:01 taro spamd[75074]: prefork: child states: IS
Dec 6 05:14:02 taro spamd[75074]: prefork: child states: II
Dec 6 05:14:16 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=::1, lip=::1, mpid=75097, TLS, session=
Dec 6 05:14:16 taro dovecot: imap(chris.hayes@intervalle-arts.com)<75097>: Disconnected: Logged out in=84 out=634 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Dec 6 05:14:16 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=::1, lip=::1, mpid=75098, TLS, session=
Dec 6 05:14:16 taro dovecot: imap(chris.hayes@intervalle-arts.com)<75098>: Disconnected: Logged out in=522 out=1401 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Dec 6 05:15:29 taro spamd[75074]: spamd: server killed by SIGTERM, shutting down
Dec 6 05:15:30 taro spamd[75129]: logger: removing stderr method
Dec 6 05:15:31 taro spamd[75133]: spamd: server started on IO::Socket::IP [127.0.0.1]:783, IO::Socket::IP [::1]:783 (running version 3.4.0)
Dec 6 05:15:31 taro spamd[75133]: spamd: server pid: 75133
Dec 6 05:15:31 taro spamd[75133]: spamd: server successfully spawned child process, pid 75134
Dec 6 05:15:31 taro spamd[75133]: spamd: server successfully spawned child process, pid 75135
Dec 6 05:15:31 taro spamd[75133]: prefork: child states: IS
Dec 6 05:15:31 taro spamd[75133]: prefork: child states: II
Dec 6 05:17:00 taro spamd[75133]: spamd: server killed by SIGTERM, shutting down
Dec 6 05:17:00 taro spamd[75162]: logger: removing stderr method
Dec 6 05:17:02 taro spamd[75166]: spamd: server started on IO::Socket::IP [127.0.0.1]:783, IO::Socket::IP [::1]:783 (running version 3.4.0)
Dec 6 05:17:02 taro spamd[75166]: spamd: server pid: 75166
Dec 6 05:17:02 taro spamd[75166]: spamd: server successfully spawned child process, pid 75167
Dec 6 05:17:02 taro spamd[75166]: spamd: server successfully spawned child process, pid 75168
Dec 6 05:17:02 taro spamd[75166]: prefork: child states: SI
Dec 6 05:17:02 taro spamd[75166]: prefork: child states: II
Dec 6 05:17:16 taro dovecot: imap-login: Login: user=chris.hayes@intervalle-arts.com, method=PLAIN, rip=193.29.61.200, lip=93.188.165.29, mpid=75188, TLS, session=<NC/W6iHvaMPBHT3I>
Dec 6 05:17:17 taro dovecot: imap(chris.hayes@intervalle-arts.com)<75188><NC/W6iHvaMPBHT3I>: Disconnected: Logged out in=36 out=555 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

I ran into same issue with a client and unfortunately these steps do not work

I have just followed these steps -

Go to OLS WebAdmin Console of your server i.e https://SERVER_URL:7080 use admin and password you chose for CyberPanel admin panel

If you cannot log in. Using SSH Terminal run adminPass add new password

Then you delete all private keys and certificates for respective website from server:

$ rm -f /etc/letsencrypt/live/intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem

$ rm -f /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem

$ rm -f /etc/letsencrypt/live/ssl.intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/ssl.intervalle-arts.com/fullchain.pem

Then run this command from https://community.cyberpanel.net/t/how-to-fix-ssl-issues-in-cyberpanel/90#debugging-with-command-line-6

/root/.acme.sh/acme.sh --issue -d <YOUR\_DOMAIN> -d www.<YOUR\_DOMAIN> --cert-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/cert.pem --key-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/privkey.pem --fullchain-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/fullchain.pem -w /usr/local/lsws/Example/html --force --debug

SSL-Checker808×744 140 KB

Hi Joseph,
May I know what was the reason of using these commands for client.

I gave first 2 commands for restoring SSL from backup and rest of commands for mail server SSL linking.

Correct. I restored the ssl from backup as the first ever step and restarted OLS and LSCPD but still the client had selfsigned cert

Hi @Rofocale
I can’t help for each point mantion in log via this forum.
Please hire a person that can check all the things.

Did you check SSL expiry and other info before restoring that file?

Yes the ssl was valid but for some reason CYberPanel chose to renew the certificate. I have removed the cronjob and added my own - nothing special just added a sink and different timing

Sorry if it’s not worked for you. To find a reason why SSL renew by cp, In this case you need to read the SSL renew python script mantion in cronjob.

I think at this stage it’s a delete the server and start again after a week or so. That way Cyberpanel doesn’t request any more SSL certs, the LE ban resets and all these connected errors will hopefully go away. Something in the above fixes that I’ve applied has caused a whole bunch of new but connected problems. This is too much work for just a simple Wordpress site and e-mail server.

Thanks both for all your help over the last few days.