can't renew SSL

Hi i have problem with my subdomain can’t renew SSL Even Manual

when i try to issue i got this error in my Mail Log file

[06.24.2021_08-08-31] Trying to obtain SSL for: blog.Domain.com and: www.blog.Domain.com
[06.24.2021_08-08-31] /root/.acme.sh/acme.sh --issue -d blog.Domain.com -d www.blog.Domain.com --cert-file /etc/letsencrypt/live/blog.Domain.com/cert.pem --key-file /etc/letsencrypt/live/blog.Domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/blog.Domain.com/fullchain.pem -w /home/Domain.com/public_html/blog.Domain.com --force
[06.24.2021_08-08-32] Failed to obtain SSL for: blog.Domain.com and: www.blog.Domain.com
[06.24.2021_08-08-32] Trying to obtain SSL for: blog.Domain.com
[06.24.2021_08-08-32] Failed to obtain SSL, issuing self-signed SSL for: blog.Domain.com
[06.24.2021_08-08-34] Websites matching query does not exist. [installSSLForDomain:72]
[06.24.2021_08-08-34] Self signed SSL issued for blog.Domain.com.

im using
CyberPanel Latest Version 2.1

So what is wrong

Hi, can you please restart litespeed service and afterwards generate an SSL again with --debug at the end?

root@Domaincomnew:~# /root/.acme.sh/acme.sh --issue -d blog.Domain.com -d ww w.blog.Domain.com --cert-file /etc/letsencrypt/live/blog.Domain.com/cert.pem --key-file /etc/letsencrypt/live/blog.Domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/blog.Domain.com/fullchain.pem -w /home/Domain.com/pub lic_html/blog.Domain.com --force --debug
[Wed 30 Jun 2021 10:45:04 AM UTC] Lets find script dir.
[Wed 30 Jun 2021 10:45:04 AM UTC] SCRIPT=’/root/.acme.sh/acme.sh’
[Wed 30 Jun 2021 10:45:04 AM UTC] _script=’/root/.acme.sh/acme.sh’
[Wed 30 Jun 2021 10:45:04 AM UTC] _script_home=’/root/.acme.sh’
[Wed 30 Jun 2021 10:45:04 AM UTC] Using config home:/root/.acme.sh
GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
v3.0.0
[Wed 30 Jun 2021 10:45:04 AM UTC] Running cmd: issue
[Wed 30 Jun 2021 10:45:04 AM UTC] _main_domain=‘blog.Domain.com
[Wed 30 Jun 2021 10:45:04 AM UTC] _alt_domains=‘www.blog.Domain.com
[Wed 30 Jun 2021 10:45:04 AM UTC] Using config home:/root/.acme.sh
[Wed 30 Jun 2021 10:45:04 AM UTC] default_acme_server
[Wed 30 Jun 2021 10:45:04 AM UTC] ACME_DIRECTORY=‘https://acme.zerossl.com/v2/DV 90’
[Wed 30 Jun 2021 10:45:04 AM UTC] DOMAIN_PATH=’/root/.acme.sh/blog.Domain.com’
[Wed 30 Jun 2021 10:45:04 AM UTC] Using ACME_DIRECTORY: https://acme.zerossl.com /v2/DV90
[Wed 30 Jun 2021 10:45:04 AM UTC] _init api for server: https://acme.zerossl.com /v2/DV90
[Wed 30 Jun 2021 10:45:04 AM UTC] GET
[Wed 30 Jun 2021 10:45:04 AM UTC] url=‘https://acme.zerossl.com/v2/DV90
[Wed 30 Jun 2021 10:45:04 AM UTC] timeout=
[Wed 30 Jun 2021 10:45:04 AM UTC] _CURL=‘curl --silent --dump-header /root/.acme .sh/http.header -L -g ’
[Wed 30 Jun 2021 10:45:05 AM UTC] ret=‘0’
[Wed 30 Jun 2021 10:45:05 AM UTC] ACME_KEY_CHANGE=‘https://acme.zerossl.com/v2/D V90/keyChange’
[Wed 30 Jun 2021 10:45:05 AM UTC] ACME_NEW_AUTHZ
[Wed 30 Jun 2021 10:45:05 AM UTC] ACME_NEW_ORDER=‘https://acme.zerossl.com/v2/DV 90/newOrder’
[Wed 30 Jun 2021 10:45:05 AM UTC] ACME_NEW_ACCOUNT=‘https://acme.zerossl.com/v2/ DV90/newAccount’
[Wed 30 Jun 2021 10:45:05 AM UTC] ACME_REVOKE_CERT=‘https://acme.zerossl.com/v2/ DV90/revokeCert’
[Wed 30 Jun 2021 10:45:05 AM UTC] ACME_AGREEMENT=‘https://secure.trust-provider. com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click .pdf’
[Wed 30 Jun 2021 10:45:05 AM UTC] ACME_NEW_NONCE=‘https://acme.zerossl.com/v2/DV 90/newNonce’
[Wed 30 Jun 2021 10:45:05 AM UTC] Le_NextRenewTime=‘1622197819’
[Wed 30 Jun 2021 10:45:06 AM UTC] Using CA: https://acme.zerossl.com/v2/DV90
[Wed 30 Jun 2021 10:45:06 AM UTC] _on_before_issue
[Wed 30 Jun 2021 10:45:06 AM UTC] _chk_main_domain=‘blog.Domain.com
[Wed 30 Jun 2021 10:45:06 AM UTC] _chk_alt_domains=‘www.blog.Domain.com
[Wed 30 Jun 2021 10:45:06 AM UTC] Le_LocalAddress
[Wed 30 Jun 2021 10:45:06 AM UTC] d=‘blog.Domain.com
[Wed 30 Jun 2021 10:45:06 AM UTC] Check for domain=‘blog.Domain.com
[Wed 30 Jun 2021 10:45:06 AM UTC] _currentRoot=’/home/Domain.com/public_html/b log.Domain.com
[Wed 30 Jun 2021 10:45:06 AM UTC] d=‘www.blog.Domain.com
[Wed 30 Jun 2021 10:45:06 AM UTC] Check for domain=‘www.blog.Domain.com
[Wed 30 Jun 2021 10:45:06 AM UTC] _currentRoot=’/home/Domain.com/public_html/b log.Domain.com
[Wed 30 Jun 2021 10:45:06 AM UTC] d
[Wed 30 Jun 2021 10:45:06 AM UTC] config file is empty, can not read CA_KEY_HASH
[Wed 30 Jun 2021 10:45:06 AM UTC] Using config home:/root/.acme.sh
[Wed 30 Jun 2021 10:45:06 AM UTC] ACME_DIRECTORY=‘https://acme.zerossl.com/v2/DV 90’
[Wed 30 Jun 2021 10:45:06 AM UTC] init api for server: https://acme.zerossl.com /v2/DV90
[Wed 30 Jun 2021 10:45:06 AM UTC] RSA key
[Wed 30 Jun 2021 10:45:06 AM UTC] config file is empty, can not read CA_EAB_KEY
ID
[Wed 30 Jun 2021 10:45:06 AM UTC] config file is empty, can not read CA_EAB_HMAC _KEY
[Wed 30 Jun 2021 10:45:06 AM UTC] config file is empty, can not read CA_EMAIL
[Wed 30 Jun 2021 10:45:06 AM UTC] No EAB credentials found for ZeroSSL, let’s ge t one
[Wed 30 Jun 2021 10:45:06 AM UTC] acme.sh is using ZeroSSL as default CA now.
[Wed 30 Jun 2021 10:45:06 AM UTC] Please update your account with an email addre ss first.
[Wed 30 Jun 2021 10:45:06 AM UTC] acme.sh --register-account -m my@example.com
[Wed 30 Jun 2021 10:45:06 AM UTC] See: https://github.com/acmesh-official/acme.s h/wiki/ZeroSSL.com-CA
[Wed 30 Jun 2021 10:45:06 AM UTC] _on_issue_err
[Wed 30 Jun 2021 10:45:06 AM UTC] Please add ‘–debug’ or ‘–log’ to check more details.
[Wed 30 Jun 2021 10:45:06 AM UTC] See: https://github.com/acmesh-official/acme.s h/wiki/How-to-debug-acme.sh
[Wed 30 Jun 2021 10:45:06 AM UTC] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1f 31 Mar 2020
apache:
apache doesn’t exist.
nginx:
nginx doesn’t exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.3 on Oct 26 2019 17:42:04
running on Linux version #82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021, release 5.4.0-73-generic, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#undef WITH_READLINE
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#define WITH_LIBWRAP 1
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /debug/
root@Domaincomnew:~#

i used this

acme.sh --register-account -m mymail@hotmail.com
and my subdomain working now on ZeroSSl

and my mail domain working with letsencrypt for 80 days

after 80 days main domain will renew with ZeroSSL or letsencrypt
or it will not renew automaic ???

1 Like

and thanks for your Great help

Hi there,

it should renew automatically with zerossl.

If you want to use letsencrypt instead, run:
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

or upgrade to the latest cp version in which letsencrypt is set as default: acme defaults to letsencrypt · usmannasir/cyberpanel@c598d7a · GitHub

To manually remove the current certificate and install a new one, follow this guide: https://pcx3.com/cyberpanel/cyberpanel-self-signed-certificate-issue/

Cheers!

Type your comment> @stefanepejcic said:

Hi there,

it should renew automatically with zerossl.

If you want to use letsencrypt instead, run:
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

or upgrade to the latest cp version in which letsencrypt is set as default: acme defaults to letsencrypt · usmannasir/cyberpanel@c598d7a · GitHub

To manually remove the current certificate and install a new one, follow this guide: https://pcx3.com/cyberpanel/cyberpanel-self-signed-certificate-issue/

Cheers!

thanks for Great help :slight_smile:

Type your comment> @stefanepejcic said:

Hi there,

it should renew automatically with zerossl.

If you want to use letsencrypt instead, run:
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

or upgrade to the latest cp version in which letsencrypt is set as default: acme defaults to letsencrypt · usmannasir/cyberpanel@c598d7a · GitHub

To manually remove the current certificate and install a new one, follow this guide: https://pcx3.com/cyberpanel/cyberpanel-self-signed-certificate-issue/

Cheers!

I had the same issue - upgraded to CyberPanel 2.1, but I still can’t get it to do it automatically.
When I copy paste the command as suggested in https://cyberpanel.net/docs/issuing-ssl-for-website/ it works, so I can restart the server and it will pick up the new certs, but I can’t do it from the UI.
Curious if you had the same experience…

Hi, sorry for such a late response…

Yes, generating an SSL from the UI will overwrite this manually generated SSL… the workaround is to define the usage of letsencrypt:
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

https://www.hostingbyalitech.com/blog/post/acme-now-uses-zerossl-here-what-you-need-do-your-cyberpanel

Hope that works for you as well. Cheers

I’ve had trouble with cyberpanel and Lets Encrypt for a while. This is the key->
blog.Domain.com and: www.blog.Domain.com

My bet is the www. version doesn’t exist in the local zone file on the server.

Try adding: www.blog.Domain.com to the zone file. Even if you don’t use your server for DNS. If it still complains the same way you may need to create an A record entry at your DNS provider(assuming you aren’t using the DNS function on cyberpanel).

That has solved several issues I’ve run into in the newest version.

Thanks for pointing this out. It also resolved the sudden SSL renewal failure I was dealing with.