Hello, I’m trying to create an SSL for hostname but it doens’t work, I have followed the guide How to fix SSL issues in CyberPanel - 03 - SSL - CyberPanel Community. without any luck. The A records are poiting to the correct ip, but it doens’t generate the ssl from letsencrpyt, only have a self one.
NET::ERR_CERT_AUTHORITY_INVALID
Subject: www.example.com
Issuer: www.example.com
Expires on: Jun 11, 2031
Current date: Jun 13, 2021
Self-signed certificate. That’s likely because your domain is not correctly configured to point to your CP host. Did you set up your domain DNS zones?
Also, changes to DNS zones take some time to propagate across the Internet. You can test propagation of your DNS records across the planet with this tool: https://dnspropagation.net
Get some diagnostic info :
Check CP error log for SSL issuance errors
https://<cp_domain_or_ip>:8090/serverstatus/cyberCPMainLogFile
Make sure the page at http:// (not https) shows your site or CyberPanel default page or 404.
Check the certificate details in your browser for https://
Type your comment> @biguenique said:
Self-signed certificate. That’s likely because your domain is not correctly configured to point to your CP host. Did you set up your domain DNS zones?
Also, changes to DNS zones take some time to propagate across the Internet. You can test propagation of your DNS records across the planet with this tool: https://dnspropagation.net
Get some diagnostic info :
Check CP error log for SSL issuance errors
https://<cp_domain_or_ip>:8090/serverstatus/cyberCPMainLogFileMake sure the page at http:// (not https) shows your site or CyberPanel default page or 404.
Check the certificate details in your browser for https://
Yes I did that before, the problem was something else that it was not stated in the article or anywhere else, I ran this command that I found on another thread here: “/root/.acme.sh/acme.sh --issue -d pesona-indonesia.info -d www.pesona-indonesia.info --cert-file /etc/letsencrypt/live/pesona-indonesia.info/cert.pem --key-file /etc/letsencrypt/live/pesona-indonesia.info/privkey.pem --fullchain-file /etc/letsencrypt/live/pesona-indonesia.info/fullchain.pem -w /home/pesona-indonesia.info/public_html --force” - replaced the domain with my own and got an error: “Please update your account with an email address first.acme.sh --register-account -m [email protected]”, I did just that and it’s working now.
Thanks for sharing! Turns out it’s related to this issue: “SSL Changes - Did they update it so instead of LetsEncyrpt they are now using ZeroSSL?”
https://forums.cyberpanel.net/discussion/5526/
Basically the problem only happens with newly added domains, that will use ZeroSSL in place of LetsEncrypt by default. This change comes from ACME, not CP. Older domains will still continue to renew their certificates through LetsEncrypt.
I confirm on my side that running acme.sh --register-account -m [email protected] (as root) fixes the issue by enabling ZeroSSL.
We’ve for now defaulted to Lets Encrypt.