Can't connect to my site ssl error

Hello, using cyberpanel and have installed too many lets encrypt certs. have to wait until tomorrow to try again. In the meantime I can’t go directly to my website anymore. It says this site can’t be reached. I can still access the panel but its not secure. Will reinstalling lets encrypt tomorrow fix this?

Welcome @devie Happy you are here

I discourage installing SSL directly with SSH.

Use the CyberPanel recommended methods to install.

If you have any existing ssl certificates not installed the cyberpanel way delete them. Actually delete all certificates so that you can isolate any ssl issues:

ou need to remove private keys and certificates at the Virtual Host Level

Go to OLS WebAdmin Console of your server i.e https://SERVER_URL:7080 use admin and password you chose for CyberPanel admin panel

If you cannot log in. Using SSH Terminal run adminPass add new password


Then you delete all private keys and certificates for respective website and hostname from server:

$ rm -f /etc/letsencrypt/live/mydomain.net/privkey.pem && rm -f /etc/letsencrypt/live/mydomain.net/fullchain.pem

$ rm -f /etc/letsencrypt/live/mail.mydomain.net/privkey.pem && rm -f /etc/letsencrypt/live/mail.mydomain.net/fullchain.pem

$ rm -f /etc/letsencrypt/live/ssl.mydomain.net/privkey.pem && rm -f /etc/letsencrypt/live/ssl.mydomain.net/fullchain.pem

Then resissue hostname SSL the CyberPanel way:

  1. Go to https://server.mydomain.net:8090/manageSSL/sslForHostName
  2. Choose mydomain.net
  3. Click on Issue SSL

If its not hostname domain

  1. Go to https://server.mydomain.net:8090/manageSSL/manageSSL
  2. Choose mydomain.net
  3. Click on Issue SSL

References:

  1. hostname ssl, 2 - CyberPanel on SSL - Docs - CyberPanel Community
  2. website ssl, 1 - Issuing SSL for website - Docs - CyberPanel Community
  3. email server ssl 2 - SSL For PostFix/Dovecot - Docs - CyberPanel Community

when I go to https://server_url:7080 I get this error - this site can’t be reached. url refused to connect.
if I use the ssh terminal and add a new password will I be able to access the webadmin console?

Yes. Kindly follow the instructions so that i can better support you.

ok. I’ll follow your instructions shortly and report back. thx

I was able to add new password but still couldnt login to virtual host. My vps is through hostinger. Do I have access to :7080? I only know about :8090? I ran the remove commands in ssh. I’m assuming the files are deleted but I don’t know how to check. I ran a debugger yesterday in ssh and it said that I requested too many certs and had to wait until 3:25pm my time to add ssl. Since I deleted the certs and private keys do I still need to wait until that time to issue another ssl?

I usually do not recommend hostinger at all but since you already have a plan kindly consult hostinger for support about access to OLS web admin

Ok. I added the ssl the cyberpanel way and my website is back with the lock. But the path to the panel is not secure. How do I issue ssl for the panel?

Issue hostname SSL the CyberPanel way:

  1. Go to https://server.mydomain.net:8090/manageSSL/sslForHostName
  2. Choose mydomain.net
  3. Click on Issue SSL

I tried it but still not secure. The website is okay which seems weird.

Did you delete all ssl certificates before reissuing?

I thought those commands did but maybe not. I did a ssl check and I think the ssl in place is from gogetssl, good for 90 days

Do you have a hostname panel.mydomain.net or you care using mydomain.net:8090?

I’m using mydomain.net:8090

COnsider How to remove port 8090 from CyberPanel it is cleaner and good practise for all your users. Most users detest the port urls makes remembering tedious

This also means you issued domain.net a normal website ssl and hostname ssl. sorry but his will get you to start from the beginning.

Will that solve the ssl issue for the panel? It is annoying typing that. I did another ssl check and it’s for Let’s Encrypt but it said " Certificate Chain Complete?

A valid Root CA Certificate could not be located, the certificate will likely display browser warnings." Do I need to worry about that?

Yes just start from the beginning remove all ssl certificates. Then How to remove port 8090 from CyberPanel and start by issuing hostname ssl. COnfirm it is ok then proceed to issue website ssl certificate.

Ok I think I got it now. I won’t get blocked by let’s encrypt again if I do this? That was pretty nerve wracking!

From experience seldom anything ever happens so long as nothing updates letsencrypt or you do any kernel updates. Just have a clean install of cyberpanel and install everything on cyberpanel.

I decided not start over and remove :8090. I changed from VPS to Cloud Hosting with Hostinger and everything is fine, SSL is in place. So much easier to work with than Cyberpanel. Thank you for all your help!