I don’t know if anyone has experienced this issue I keep having. I have over 150 sites in my VPS and I use latest Cyberpanel (2.3). Exactly 2 weeks ago, I woke up to series of emails concerning the SSL of the websites in my server (Failed to obtain SSL, issuing self-signed SSL for domain.tld).
All websites reverted to self-signed SSL and was giving browser warnings. I tried using the ISSUE SSL option which didn’t work immediately but worked after about 5hours. I had to ISSUE SSL manually on all 150 websites.
Same thing happened today again and I’m issuing SSL one after the other as i’m posting this.
Please what is the cause of the problem and how can I stop it?
I’ve looked into all your suggestions and I can’t find any issue. All the ssl certs are stored correctly at /etc/letsencrypt/live
I can copy each and install on the respective website or clicking the ISSUE SSL and it will issue.
But after 2 weeks from now, they’ll all likely revert to selfsigned and I’ll do this procedure again.
I’m thinking maybe there’s a cron job that is running the whole SSL process and that causes it to revert to selfsigned.
So I’m asking now if there’s a way I can set up a cron task to check websites with selfsigned, if there is, issue the letsencrypt ssl at /etc/letsencrypt/live on them automatically without me clicking the ISSUE SSL button all the time. Please
I encounted this issue as well (posted about it here: Self-Signed Certificate after 2.3.3 Upgrade - #3 by shoaibkk) and did the manual SSL renew to fix it. Looks like on 03/18/2023 these certs renewed again (very fast since they’re good for 90 days) and it’s interesting. Some sites got the self-signed certificate, and some got valid let’s encrypt certificates.
Can you point me to the logs for this? I’d love to attach them to hopefully help get to the bottom of this.
EDIT: I just edited the ~/.acme.sh/account.conf file and enabled logging. I’ll need to set up log rotation, but hopefully next time this happens I’ll have some actionable logs. The acme.sh script in the directory is v3.0.6 which seems to be the current one on Github. Going into the SSL menu, selecting the site, and clicking Issue SSL resolves the issue.
Interestingly, like 3 of the 9 sites I manage had the renewal complete successfully. The rest dropped back to self signed, and not because they were due for renewal. I literally went through this around 3 weeks ago. Very strange.
I was originally on Ubuntu 20.04 and everything worked fine.
However, I recently installed 22.04 (fresh install) and installed cyberpanel again (v2.3.3) and restored my websites from backup. Their original let’s encrypt certificate (which was part of the backup) worked fine.
However, when it came time to renew the certificate, it failed to do so and reverted to a self-signed certificate. I tried issuing ssl certificates to my websites manually on cyberpanel, to no avail.
I’ve also tried all of the suggestions above also to no avail.
The cyberpanel log shows the following:
I genuinely dont know what to do.
It’s either a bug with v2.3.3 or a bug with the Ubuntu 22 support (the latter is unlikely as the OP is on 20). As everything worked fine prior to the update, and nothing was changed prior to the update, this only broke after the update.
In such cases any seasoned developer would assume this as a case by case issue not necessary a code issue. However considering its prevalent on Ubuntu 22 and CentOs 7 or 8 I would recommend you open an issue so that the involved persons can test accordingly. As far as me testing I would never test centos 7 or 8 or ubuntu 22 for cyberpanel.
There were several similar problems here. I noticed that… the ssl is renewed much before the 90 days, that is, with 2 or 3 days of use, the certificate is already renewed and in some cases it does not renew, causing the error, I also did not find the solution at the time.
Isn’t that the truth? I don’t think the developers understand they’re about to blow up all the success they’ve acheived with CyberPanel thus far over a silly but VERY IMPACTFUL bug… and it feels like it’s not even being worked on.