Can't Issue SSL

HI, In the current version of cyberpanel (with support for PHP 7.3) I can not use Issue SSL from CLI:

cyberpanel issueSSL --domainName cyberpanel.net

Issue SSL from webgui also does not work:

Cannot issue SSL. Error message: 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]

I did not find any changes to the file httpd_config.conf; There is no declaration about the listener SSL {}, something like this:

listener SSL { map fb.vn fb.vn address 0.0.0.0:443 secure 1 keyFile /usr/local/lsws/admin/conf/webadmin.key certFile /usr/local/lsws/admin/conf/webadmin.crt }

With Cyberpanle old version, only have “PHP 5.3 → 7.2”, everything still works fine.

IN /serverstatus/cyberCPMainLogFile:

[08-57-26-Thu-Dec-2018] Failed to obtain SSL, issuing self-signed SSL for: locloc.club [08-58-52-Thu-Dec-2018] Trying to obtain SSL for: locloc.club and: www.locloc.com [08-59-08-Thu-Dec-2018] Failed to obtain SSL for: locloc.club and: www.locloc.com [08-59-08-Thu-Dec-2018] Trying to obtain SSL for: locloc.com [08-59-17-Thu-Dec-2018] Failed to obtain SSL, issuing self-signed SSL for: locloc.com

Can you provide more information using the Second Way here Troubleshooting CyberPanel - 14 - Logging & Troubleshooting - CyberPanel Community ?

Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] locloc.com:Verify error:Invalid response from http://locloc.com/.well-known/acme-challenge/rgvqFe_ZGEgAcjFJNchQO4C0oIJKZ8VslFDZxIDONTU: Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] Please add '--debug' or '--log' to check more details. Dec 20 15:06:08 s1 gunicorn[4625]: [Thu Dec 20 15:06:08 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] locloc.com:Verify error:Invalid response from http://locloc.com/.well-known/acme-challenge/Pfm95pSj7gxwBcjfiG3yMpKq6HVK8QwCt-QEH29fw2w: Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] Please add '--debug' or '--log' to check more details. Dec 20 15:06:19 s1 gunicorn[4625]: [Thu Dec 20 15:06:19 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

Verification file is not reachable, probably:

  1. DNS.
  2. Some rewrite rule is conflicting

Please do not care about getting ssl from Let’s encrypt, I do not care about certificates, I need Cyberpanel can add an HTTPS website, i mean self certificate ssl can not be added to OpenLiteSpeed config file httpd_config.conf

Centos 7

The problem is in the command:

cyberpanel issueSSL --domainName locloc.com

It can not add HTTPS webs to Cyberpanel and Openlitespeed

Oh, we canceled issuing self-signed SSL, is this what you want?

Oh, we canceled issuing self-signed SSL, is this what you want?

OMG, yes that’s what I want. Why disable self-signed SSL, I feel it is very useful for sites that can not get a certificate from Let’s Encrypt.
Besides, many websites use SSL from the cloudflare proxy and they just need a self-signed SSL in the backend Openlitespeed for thier site.

The issue was people trying to get SSL and when Let’s Encrypt failed we used to issue self-signed SSL and function return successfully, even though in the log it says failed to obtain SSL but most of the users were not comfortable as they assume SSL was success and when they load the site they get SSL error.

We can try to think of more good work around.

So, Will the self-signed SSL function come back?
For the problem you mentioned, you can create an additional function to automatically check the SSL certificate of the domain and when you discover an invalid certificate you can request again certificate from “Let’s encrypt” cycle.

Or you can create a new command line with the function auto create a self-signed certificate, then add them to HTTPS of the specified domain. Or a certain command has the ability to create HTTPS web from the specified ssl certificate file (maybe they have purchased their own ssl certificate from Comodo, GoDaddy, Cloudflare …)

cyberpanel issueSSL --domainName abc.com --privatekey /home/abc.com.key --publickey /home/abc.com.crt

If you want I can add a cli function to only issue self-signed ssl?

Thanks, I really need that function

Will be added soon, will update you.

Pushed hotfix, the command is like

cyberpanel issueSelfSignedSSL --domainName cyberpanel.net

[Thu Oct 17 17:19:30 UTC 2019] Register account Error: {“type”:“urn:acme:error:unauthorized”,“detail”:“Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See End of Life Plan for ACMEv1 - API Announcements - Let's Encrypt Community Support for details.”,“status”: 403} [Thu Oct 17 17:19:30 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Thu Oct 17 17:19:30 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Thu Oct 17 17:19:33 UTC 2019] Register account Error: {“type”:“urn:acme:error:unauthorized”,“detail”:“Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See End of Life Plan for ACMEv1 - API Announcements - Let's Encrypt Community Support for details.”,“status”: 403} [Thu Oct 17 17:19:33 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Thu Oct 17 17:19:33 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]

Can you help me?

[Thu Oct 17 17:19:30 UTC 2019] Register account Error: {"type":"urn:acme:error:unauthorized","detail":"Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.","status": 403} [Thu Oct 17 17:19:30 UTC 2019] Please add '--debug' or '--log' to check more details. [Thu Oct 17 17:19:30 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh [Thu Oct 17 17:19:33 UTC 2019] Register account Error: {"type":"urn:acme:error:unauthorized","detail":"Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.","status": 403} [Thu Oct 17 17:19:33 UTC 2019] Please add '--debug' or '--log' to check more details. [Thu Oct 17 17:19:33 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]

Can you help me?

Point your Domain DNS A record to the server IP and issue SSL.

Cannot issue SSL. Error message: [Tue Oct 22 03:27:15 UTC 2019] vietladders.com:Verify error:Invalid response from Lỗi 404: Trang không tìm thấy [66.42.57.223]: [Tue Oct 22 03:27:15 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Tue Oct 22 03:27:15 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Tue Oct 22 03:27:26 UTC 2019] vietladders.com:Verify error:Invalid response from Lỗi 404: Trang không tìm thấy [66.42.57.223]: [Tue Oct 22 03:27:26 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Tue Oct 22 03:27:26 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
Can you help me?

Cannot issue SSL. Error message: [Tue Oct 22 03:27:15 UTC 2019] vietladders.com:Verify error:Invalid response from http://vietladders.com/.well-known/acme-challenge/2zMt99k_CTHM9U_jIVPMyBTsZMcUOxFinuzPkHV_YOE [66.42.57.223]: [Tue Oct 22 03:27:15 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Tue Oct 22 03:27:15 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Tue Oct 22 03:27:26 UTC 2019] vietladders.com:Verify error:Invalid response from http://vietladders.com/.well-known/acme-challenge/JJdQ6L_nDJbdOoNE-h-r7P78aCq-9P2hH85CDbq5LeE [66.42.57.223]: [Tue Oct 22 03:27:26 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Tue Oct 22 03:27:26 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
Can you help me?