Can't issue SSL certs

I have a server running the following:

Ubunutu - 20.04
CyberPanel - v2.3.3
Kernel: 5.4.0-139-generic

I can’t issue an SSL cert for any of my websites, and have tried to issue certs through SSH.

This is the error I get:

[03.21.2023_17-23-47] Status Code: 404 for: http://www.example.com/.well-known/acme-challenge/example.com. Error: <!DOCTYPE html>
<html style="height:100%">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title> 404 Not Found
</title></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; ">     <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
        <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
<h2 style="margin-top:20px;font-size: 30px;">Not Found
</h2>
<p>The resource requested could not be found on this server!</p>
</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
<br>Proudly powered by  <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>

[03.21.2023_17-23-47] Status Code: 404 for: http://example.com/.well-known/acme-challenge/example.com. Error: <!DOCTYPE html>
<html style="height:100%">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title> 404 Not Found
</title></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; ">     <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
        <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
<h2 style="margin-top:20px;font-size: 30px;">Not Found
</h2>
<p>The resource requested could not be found on this server!</p>
</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
<br>Proudly powered by  <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>

[03.21.2023_17-23-49] /root/.acme.sh/acme.sh --issue -d example.com -d www.example.com --cert-file /etc/letsencrypt/live/example.com/cert.pem --key-file /etc/letsencrypt/live/example.com/privkey.pem --fullchain-file /etc/letsencrypt/live/example.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[03.21.2023_17-23-49] Failed to obtain SSL for: example.com and: www.example.com
[03.21.2023_17-23-49] Trying to obtain SSL for: example.com
[03.21.2023_17-23-55] Failed to obtain SSL, issuing self-signed SSL for: example.com
[03.21.2023_17-23-56] Connection unexpectedly closed
[03.21.2023_17-23-56] Self signed SSL issued for example.com.

What would be the possible reason for this issue, and how do I fix it?

Thanks for all the future comments!!

Have you added DNS records before issuing SSL?

Same issue. My websites are not accessible from HTTP also. Its accessible from https. This is the reason I am not able to install ssl.

show me vhost config?

Please follow these steps,

1. Change DNS to cloudflare.
2. Upgrade to the CYBERPANEL 3.0
3. Try to issue SSL cert through cyberpanel

docRoot                   $VH_ROOT/public_html
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
adminEmails               [email protected]
enableGzip                1
enableIpGeo               1

index  {
  useServer               0
  indexFiles              index.php, index.html
}

errorlog $VH_ROOT/logs/$VH_NAME.error_log {
  useServer               0
  logLevel                ERROR
  rollingSize             10M
}

accesslog $VH_ROOT/logs/$VH_NAME.access_log {
  useServer               0
  logFormat               "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
  logHeaders              5
  rollingSize             10M
  keepDays                10  
  compressArchive         1
}

scripthandler  {
  add                     lsapi:example123 php
}

extprocessor example123 {
  type                    lsapi
  address                 UDS://tmp/lshttpd/example123.sock
  maxConns                10
  env                     LSAPI_CHILDREN=10
  initTimeout             600
  retryTimeout            0
  persistConn             1
  pcKeepAliveTimeout      1
  respBuffer              0
  autoStart               1
  path                    /usr/local/lsws/lsphp80/bin/lsphp
  extUser                 example123
  extGroup                example123
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           400
  procHardLimit           500
}

phpIniOverride  {

}

rewrite  {
  enable                  1
  autoLoadHtaccess        1
}

vhssl  {
  keyFile                 /etc/letsencrypt/live/example.com/privkey.pem
  certFile                /etc/letsencrypt/live/example.com/fullchain.pem
  certChain               1
  sslProtocol             24
  ciphers                 EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
  enableECDHE             1
  renegProtection         1
  sslSessionCache         1
  enableSpdy              15
  enableStapling           1
  ocspRespMaxAge           86400
}

1. I don’t see why this would fix it because before without Cloudflare I was able to issue SSL cert but after a number of updates, it’s stopped working.
2. From what I can see, the latest version is v2.3.3.
3. That’s how we would normally issue SSL certs, but after it breaking we tried through SSH.

What DNS records are you specifically referring to?

I believe this was a bug released in the 2.3.3 branch. I’ve just opened a Github issue for this, here: Self-Signed SSL Certs being Issued for Valid Domains due to Acme.sh Failure · Issue #1044 · usmannasir/cyberpanel · GitHub. Please add any additional context there so the developers can fix this.

Also @bogodasr Cyberpanel 3.0? I haven’t seen that one yet… let us know if that’s a fork or you just live in 3023.

Thanks,
-pd

Amazing, thanks for this!

I’ve added my own comments to the GitHub issue.

It seems this bug is related only after 2.3.3 upgrade. This should be fixed in a priority manner as it affects the security of all websites in production. I hope the cp team already working on it and produce a new commit release soon.

How Upgrade to the CYBERPANEL 3.0 ?

Latest Build: 3
Latest Version: 2.3

Hello
I hope this is the correct place to continue the conversation.

I am on the latest version of cyberpanel. Suddenly I am unable to issue SSL certificates after many months of successful updates. I have tried many things with no success.
It is suggested that we upgrade to v.3 but this appears to be the latest version (see at end of message). Is there anything MORE up to date? If so, how do I get it?
Thank you for your help - getting pretty desperate.

Latest Version:
2.3

Latest Build:
3

Latest Commit:
7e18b8688c61266566d7d401c845701888b08a32

Same issue,

Screenshot 2023-07-08 1120321597×685 19.8 KB