Cannot ISSUE SSL FOR HOSTNAME

Hello, I’m trying to create an SSL for hostname but it doens’t work, I have followed the guide How to fix SSL issues in CyberPanel - CyberPanel. without any luck. The A records are poiting to the correct ip, but it doens’t generate the ssl from letsencrpyt, only have a self one.

NET::ERR_CERT_AUTHORITY_INVALID
Subject: www.example.com

Issuer: www.example.com

Expires on: Jun 11, 2031

Current date: Jun 13, 2021

Self-signed certificate. That’s likely because your domain is not correctly configured to point to your CP host. Did you set up your domain DNS zones?

Also, changes to DNS zones take some time to propagate across the Internet. You can test propagation of your DNS records across the planet with this tool: https://dnspropagation.net

Get some diagnostic info :

  1. Check CP error log for SSL issuance errors
    https://<cp_domain_or_ip>:8090/serverstatus/cyberCPMainLogFile

  2. Make sure the page at http:// (not https) shows your site or CyberPanel default page or 404.

  3. Check the certificate details in your browser for https://

Type your comment> @biguenique said:

Self-signed certificate. That’s likely because your domain is not correctly configured to point to your CP host. Did you set up your domain DNS zones?

Also, changes to DNS zones take some time to propagate across the Internet. You can test propagation of your DNS records across the planet with this tool: https://dnspropagation.net

Get some diagnostic info :

  1. Check CP error log for SSL issuance errors
    https://<cp_domain_or_ip>:8090/serverstatus/cyberCPMainLogFile

  2. Make sure the page at http:// (not https) shows your site or CyberPanel default page or 404.

  3. Check the certificate details in your browser for https://

Yes I did that before, the problem was something else that it was not stated in the article or anywhere else, I ran this command that I found on another thread here: “/root/.acme.sh/acme.sh --issue -d pesona-indonesia.info -d www.pesona-indonesia.info --cert-file /etc/letsencrypt/live/pesona-indonesia.info/cert.pem --key-file /etc/letsencrypt/live/pesona-indonesia.info/privkey.pem --fullchain-file /etc/letsencrypt/live/pesona-indonesia.info/fullchain.pem -w /home/pesona-indonesia.info/public_html --force” - replaced the domain with my own and got an error: “Please update your account with an email address first.acme.sh --register-account -m my@example.com”, I did just that and it’s working now.

Thanks for sharing! Turns out it’s related to this issue: “SSL Changes - Did they update it so instead of LetsEncyrpt they are now using ZeroSSL?”

Basically the problem only happens with newly added domains, that will use ZeroSSL in place of LetsEncrypt by default. This change comes from ACME, not CP. Older domains will still continue to renew their certificates through LetsEncrypt.

I confirm on my side that running acme.sh --register-account -m my@example.com (as root) fixes the issue by enabling ZeroSSL.

We’ve for now defaulted to Lets Encrypt.