Failed to obtain SSL issuing self-signed SSL

Failed to obtain SSL, issuing self-signed SSL for: handystore.ua
I have already used several ways to solve the problem, which were proposed here on the forum, but it did not help.

Please make sure your DNS settings are correct. Wrongly assigned DNS will not issue SSL.
Make sure you have A record for your domain name poiting to your server IP and its not behind any proxy service like cloudflare.

Show me your DNS records details and where DNS is hosted?

https://www.evernote.com/l/ANuvbIJ6GGxBJqodE9gc7IUCQnk6bwTHGWwB/image.png
https://www.evernote.com/l/ANvbipobSgNHtIf-MGY31KrWqh3Pm-GhOfMB/image.png
As it seems to me, my DNS records should be in order, I checked it. Thanks for your help!

Your DNS setup is incomplete bro. There is no mentioning of A record for Nameserver entries.

https://www.evernote.com/l/ANt1Gf_WQOlGYqCX9dKJ2DNgJtugZxXlf4YB/image.png
https://www.evernote.com/l/ANtdEgzGiGdP8JfSFN-3LXYR25IQtNyrSaEB/image.png
i added A record but the result is the same, self signed certificate issued. I have other sites in my control panel, but they are working fine. And only with this something does not work. What’s wrong?

on the same IP address there is also this site and everything is ok with it
https://www.evernote.com/l/ANvHKE32UMdKNrw1rqdZCFN6GHHdUCy0ncMB/image.png

You are still doing mistake. You have ns1.digitalocean and some more nameserver entries. But the DNS doesnt know where to point ns1.digitalocean to
You need to create A record of these nameserver entries pointing to server IP. This is essential for Nameservers to work.

Internet works on IP and not domains technically. Hence for every domain related entry you need an IP at the end point.

https://www.evernote.com/l/ANuvbIJ6GGxBJqodE9gc7IUCQnk6bwTHGWwB/image.png
https://www.evernote.com/l/ANvbipobSgNHtIf-MGY31KrWqh3Pm-GhOfMB/image.png
Как мне кажется, мои записи DNS должны быть в порядке, я это проверил. Спасибо за вашу помощь!

Please communicate in English language only.

I still cannot understand what is the reason and where is the error? You claim that some DNS records are missing. Ok, I have about 10 sites and all of them have their DNS records registered this way, and it works on all sites. That is why I assumed that in this case the problem with acme.sh I tried all the different ways to solve the problems described on the forum and here https://cyberpanel.net/docs/how-to-fix-ssl-issues-in-cyberpanel/ but that doesn’t help. Please clarify how the correct DNS records should look like?

If possible do send temporary login details to the server and cyberpanel setup and DNS service so that I can check things up where the issue is exactly and guide you accordingly.

Otherwise do send a detailed error logs of ssl commands for the domain so what we get a clear idea of what went wrong.

There is an A record in the screenshot of the DNS records (at least the second ones, I didn’t look at the first ones).

Can you connect to the site at an http:// (not https://) address?

When you try to issue SSL through Cyberpanel, what does the main log file show?

Yes, of course I can open my site via the http protocol And it works without problems. Including the mail server working normally, I can send letters from it, but for some reason no answers come to it. Which suggests that everything is in order with the DNS records. But this site, its work is planned as an online store, so I need the https: // protocol.

I gave you access to ssh root and in cyberpanel after that all sites that were in this cyberpanel console lay down and became inaccessible.

Yes, that was exactly my point.

I’m wondering if it is trying to issue SSL from ZeroSSL instead of Let’s Encrypt and is failing because there is no email address associated with the domain, which ZeroSSL needs.

If you copy the SSL issue command from the main log in CyberPanel and run it in the command line it should give a better idea of why it is failing, and if I’m right it will be because it wants a mail address, the error message will tell you the command to use to add one.

Update: as per you login details, I logged into the server and tried to issue SSL manually using letsencrypt. The debug logs says

Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours:

I tried to find the already issued certificate of this domain in the path

/etc/letsencyrpt/live/{YOURDOMAINNAME}

I restored the certificate files found in this path and when checked the cyberpanel dashboard status of the domain, it was showing as 74 days remaining.

The DNS is hosted at Digital Ocean and I was asked for OTP to proceed login to Digital Ocean and hence the DNS could not be checked. I strongly believe that the DNS is misconfigured somewhere and hence the SSL failed multiple times reaching the rate limit.

@usmannasir I’ve had the same issue. CP only gives me a self-signed cert.

Here’s my setup (namecheap already has the CF nameservers):

I’ve already tried the common fixes, such as turning off modsecurity etc. No luck. Also did the

wget -O - https://get.acme.sh | sh

command as well.

Can anyone help?

Because you have activated proxy for your domain and letsencrypt verifies the domain dns ip for resolution for issuing ssl certificate. As its a proxied ip, letsencrypt will fail to issue ssl.

You need to disable proxy to issue ssl successfully.