How to fix SSL issues in CyberPanel

CyberPanel is equipped with a built-in security certificate issuing mechanism. It uses the Let’s Encrypt Certificate authority to obtain an SSL certificate for your websites. We have a great tutorial on how to create/issue SSL certificates for your domain here.

However, if CyberPanel is unable to obtain a certificate for your domain, it generates a self-signed certificate instead. This certificate, however, isn’t acceptable to the browser and it throws a red screen warning that the connection might not be secure.

In this tutorial, we are going to see a few common errors that occur and how to fix them.

Major SSL Certificate issues in CyberPanel

1. A Record or IP Address Issue

CyberPanel can only get you certificates for the websites that are on the server and the domain that is connected to the server too. In order to verify this, you can use Whats My DNS to verify that the A record for your domain points to the server IP shown on the top left of the CyberPanel dashboard just below the CyberPanel logo.

If that doesn’t match, kindly change the A record to this IP in your domain manager’s DNS settings. If you are using Cloudflare, you might see a different IP on Whats My DNS but you should make sure that the IP in DNS setting is the same as the server IP.

2. ACME Client Verification

CyberPanel uses acme-client for issuance and regeneration of SSL certificates every 90 days. Sometimes either the client is outdated or removed from the server that makes the whole process impossible.

In order to check and update the ACME client to the latest version run the following command

wget -O - https://get.acme.sh | sh

Now you can go back to the menu and choose Manage SSL from the SSL menu to issue SSL again.

3. Folder permissions

Let’s Encrypt Authority verifies that you are indeed the owner and in control of the domain that you want to get a certificate for so they offer a few forms of verification.

  • HTTP-01 Challenge (or file-based challenge): This is the most common challenge type currently. Let’s Encrypt gives a token to your ACME client, and your ACME client puts a file on your web server at http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>.
  • DNS-01 challenge: This challenge asks you to prove that you control the DNS for your domain name by putting a specific value in a TXT record under that domain name. Let’s Encrypt gives your ACME client a token, your client will create a TXT record derived from that token and your account key, and put that record at _acme-challenge.<YOUR_DOMAIN>

CyberPanel uses file-based verification because it’s easier and DNS records can take a very long time to propagate.

Sometimes, users change files and folder permission which makes it impossible CyberPanel to add the required file for the verification and the verification fails.

In order to fix these issues go to Websites->List Websites where you will see something like this

Click the Manage button next to the website that you want to issue SSL for and you will be greeted with a screen like this

Use the File Manager option to open the file manager for that website. Once the file manager is open, click the Fix Permissions button on the top right.

This image has an empty alt attribute; its file name is 11-migration-fix-permissions.png

CyberPanel will fix the permissions for you and then you can issue a SSL certificate from SSL->Manage SSL as shown in the first issue.

4. ModSecurity Blocking

CyberPanel comes with ModSecurity that keeps your server and websites safe from a variety of hacking attempts and spam content, however sometimes as a false-positive, it can block legitimate traffic considering it spam or an attack.

Lets Encrypt verifies the identity of the domain by checking whether the file it provides is available at your domain or not. It does so by accessing that file from multiple servers to confirm that you are indeed the owner or authorized person for that domain. As they issue millions of certificates per day, their servers generate a lot of traffic and sometimes spam-fighting companies see a lot of similar traffic as spam and they put Lets Encrypt server IPs on their blacklists.

As a result, ModSecurity blocks all connections from those IPs and Let’s Encrypt isn’t able to verify the domain causing a failure to issue a SSL certificate.

There is a simple workaround to be able to issue SSL certificates in this case.

Go to Security-> ModSecurity Conf and you will be greeted with this screen

Turn off ModSecurity then go to SSL → Manage SSL and issue SSL certificate for your website. Once you are done, turn the ModSecurity back on.

Debugging with command line

If none of the above worked for you, it means you have a different issue that needs to be debugged and fixed. In order to do that, go to your terminal and type the following.

/root/.acme.sh/acme.sh --issue -d <YOUR\_DOMAIN> -d www.<YOUR\_DOMAIN> --cert-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/cert.pem --key-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/privkey.pem --fullchain-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/fullchain.pem -w /usr/local/lsws/Example/html --force --debug

This command will give you detailed information on where and why the issue occurred so you can fix it.

Debugging tips for v2.3.2 and above

If you are using CyberPanel version v2.3.2 and above, check if you have following in your vhost conf

OpenLiteSpeed

Do you have this context in your vHost conf? If not then add following configurations at the bottom of this configuration file

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse             1

  rewrite  {

  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}

and click Save

LiteSpeed Enterprise

Check and see if you have this line in your configurations Alias /.well-known/acme-challenge /usr/local/lsws/Example/html/.well-known/acme-challenge, if not then add under DocumentRoot line as you can see in the picture above.

To verify if the context is working, create a temporary test file under this directory using

mkdir -p /usr/local/Example/html/.well-known/acme-challenge/
touch /usr/local/Example/html/.well-known/acme-challenge/hello.txt

Then visit this file from browser such as `http://domain.com/.well-known/acme-challenge/hello.txt, if you are able to visit this file then you can try to issue SSL again and it should be fine, otherwise go back to Debugging with command line section and try from command line again.

1 Like

Hello, what can I do when I get:

Site_domain:Verify error:ip: Invalid response from http://site_domain/.well-known/acme-challenge/ah3ey5zfL01t7TydAMADwjOpFqwOstaBzRGef2GRvdw: 404

What can be not allowing access to this link? (Site_domain and ip replaced above)

Mod_security disabled
Cyberpanel 2.3.1

Also updated ACME with wget -O - https://get.acme.sh | sh because after upgrading Cyberpanel it was returning an error about a missing filel.
Thanks!

I ran the first command

/root/.acme.sh/acme.sh --issue -d <YOUR_DOMAIN> -d www.<YOUR_DOMAIN> --cert-file
Domain Name Replaced and I get

Access Denied. How do I fix this.

Use this command before running ssl command

sudo su - 

Hello Team,

I am getting Incomplete Certificate Chain Warning?

using the Zero SSL Cerificate, Lets encrypt also we have tried cloudfair also we have tried but nothing is working for this domain hosted on cyber panel python django framework,

website : http://skillyservices.com/

Please let me know anything i have to change.

make sure to update your cyberpanel

I am a new install cyberpanel 2022/06/04, so the cyberpanel should be new version

OS : centos 7 (from vultr : selinux off )

I want to description my case completely here.

The following are the 2 different subdomain which set in my dns record ( A record is pointing to same server, act as 2 domains)

hostname : server.mydomain?com
another domain : sucms.mydomain?com

Steps :

  1. complete install cyberpanel, found some warning, but whatever, I can access from :8090
  2. my first part is go to hostname ssl generate the ssl, it is success : SSL Issued. You can now access CyberPanel at: https://“domain”:8090
  3. then I go to the above domain to test if the cert if working, result : NOT WORKING
  4. then I go to add website (my another new subdomain), of course choose SSL option, WORKING
  5. remove the hostname from website list, found I cannot add it back, because it is blacklist in hostname
  6. i change hostname in putty, and add website back again, and change the hostname back
  7. i check the log : the following
    /root/.acme.sh/acme.sh --issue -d server.?com -d www.server.?com --cert-file /etc/letsencrypt/live/server.?com/cert.pem --key-file /etc/letsencrypt/live/server.?com/privkey.pem --fullchain-file /etc/letsencrypt/live/server.?com/fullchain.pem -w /home/server.?com/public_html --force --debug
    [Sun Jun 5 15:49:48 2022] Lets find script dir.
    [Sun Jun 5 15:49:48 2022] SCRIPT=’/root/.acme.sh/acme.sh’
    [Sun Jun 5 15:49:48 2022] _script=’/root/.acme.sh/acme.sh’
    [Sun Jun 5 15:49:48 2022] _script_home=’/root/.acme.sh’
    [Sun Jun 5 15:49:48 2022] Using config home:/root/.acme.sh
    htxps:x/github?com/acmesh-official/acme.sh
    v3.0.5
    [Sun Jun 5 15:49:48 2022] Running cmd: issue
    [Sun Jun 5 15:49:48 2022] _main_domain=‘server.?com’
    [Sun Jun 5 15:49:48 2022] _alt_domains=‘www.server.?com’
    [Sun Jun 5 15:49:48 2022] Using config home:/root/.acme.sh
    [Sun Jun 5 15:49:48 2022] default_acme_server
    [Sun Jun 5 15:49:48 2022] ACME_DIRECTORY=‘htxps:x/acme?zeross?com/v2/DV90’
    [Sun Jun 5 15:49:48 2022] The domain ‘server.?com’ seems to have a ECC cert already, please add ‘–ecc’ parameter if you want to use that cert.
    [Sun Jun 5 15:49:48 2022] DOMAIN_PATH=’/root/.acme.sh/server.?com’
    [Sun Jun 5 15:49:48 2022] Using ACME_DIRECTORY: htxps:x/acme?zeross?com/v2/DV90
    [Sun Jun 5 15:49:48 2022] _init api for server: htxps:x/acme?zeross?com/v2/DV90
    [Sun Jun 5 15:49:48 2022] GET
    [Sun Jun 5 15:49:48 2022] url=‘htxps:x/acme?zeross?com/v2/DV90’
    [Sun Jun 5 15:49:48 2022] timeout=
    [Sun Jun 5 15:49:48 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
    [Sun Jun 5 15:49:59 2022] ret=‘0’
    [Sun Jun 5 15:49:59 2022] ACME_KEY_CHANGE=‘htxps:x/acme?zeross?com/v2/DV90/keyChange’
    [Sun Jun 5 15:49:59 2022] ACME_NEW_AUTHZ
    [Sun Jun 5 15:49:59 2022] ACME_NEW_ORDER=‘htxps:x/acme?zeross?com/v2/DV90/newOrder’
    [Sun Jun 5 15:49:59 2022] ACME_NEW_ACCOUNT=‘htxps:x/acme?zeross?com/v2/DV90/newAccount’
    [Sun Jun 5 15:49:59 2022] ACME_REVOKE_CERT=‘htxps:x/acme?zeross?com/v2/DV90/revokeCert’
    [Sun Jun 5 15:49:59 2022] ACME_AGREEMENT=‘htxps:x/secure.trust-provider?com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click.pdf’
    [Sun Jun 5 15:49:59 2022] ACME_NEW_NONCE=‘htxps:x/acme?zeross?com/v2/DV90/newNonce’
    [Sun Jun 5 15:49:59 2022] Using CA: htxps:x/acme?zeross?com/v2/DV90
    [Sun Jun 5 15:49:59 2022] _on_before_issue
    [Sun Jun 5 15:49:59 2022] _chk_main_domain=‘server.?com’
    [Sun Jun 5 15:49:59 2022] _chk_alt_domains=‘www.server.?com’
    [Sun Jun 5 15:49:59 2022] Le_LocalAddress
    [Sun Jun 5 15:49:59 2022] d=‘server.?com’
    [Sun Jun 5 15:49:59 2022] Check for domain=‘server.?com’
    [Sun Jun 5 15:49:59 2022] _currentRoot=’/home/server.?com/public_html’
    [Sun Jun 5 15:49:59 2022] d=‘www.server.?com’
    [Sun Jun 5 15:49:59 2022] Check for domain=‘www.server.?com’
    [Sun Jun 5 15:49:59 2022] _currentRoot=’/home/server.?com/public_html’
    [Sun Jun 5 15:49:59 2022] d
    [Sun Jun 5 15:49:59 2022] _saved_account_key_hash is not changed, skip register account.
    [Sun Jun 5 15:49:59 2022] Read key length:2048
    [Sun Jun 5 15:49:59 2022] Creating domain key
    [Sun Jun 5 15:49:59 2022] Using config home:/root/.acme.sh
    [Sun Jun 5 15:49:59 2022] ACME_DIRECTORY=‘htxps:x/acme?zeross?com/v2/DV90’
    [Sun Jun 5 15:49:59 2022] Use length 2048
    [Sun Jun 5 15:49:59 2022] Using RSA: 2048
    [Sun Jun 5 15:49:59 2022] The domain key is here: /root/.acme.sh/server.?com/server.?com.key
    [Sun Jun 5 15:49:59 2022] _createcsr
    [Sun Jun 5 15:49:59 2022] Multi domain=‘DNS:server.?com,DNS:www.server.?com’
    [Sun Jun 5 15:49:59 2022] Getting domain auth token for each domain
    [Sun Jun 5 15:49:59 2022] d=‘www.server.?com’
    [Sun Jun 5 15:49:59 2022] d
    [Sun Jun 5 15:49:59 2022] url=‘htxps:x/acme?zeross?com/v2/DV90/newOrder’
    [Sun Jun 5 15:49:59 2022] payload=’{“identifiers”: [{“type”:“dns”,“value”:“server.?com”},{“type”:“dns”,“value”:“www.server.?com”}]}’
    [Sun Jun 5 15:49:59 2022] RSA key
    [Sun Jun 5 15:49:59 2022] HEAD
    [Sun Jun 5 15:49:59 2022] _post_url=‘htxps:x/acme?zeross?com/v2/DV90/newNonce’
    [Sun Jun 5 15:49:59 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g -I ’
    [Sun Jun 5 15:50:11 2022] _ret=‘0’
    [Sun Jun 5 15:50:11 2022] POST
    [Sun Jun 5 15:50:11 2022] _post_url=‘htxps:x/acme?zeross?com/v2/DV90/newOrder’
    [Sun Jun 5 15:50:11 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
    [Sun Jun 5 15:50:23 2022] _ret=‘0’
    [Sun Jun 5 15:50:23 2022] code=‘201’
    [Sun Jun 5 15:50:23 2022] Le_LinkOrder=‘htxps:x/acme?zeross?com/v2/DV90/order/VTkDkrL2lNA73KH0Spwa1Q’
    [Sun Jun 5 15:50:23 2022] Le_OrderFinalize=‘htxps:x/acme?zeross?com/v2/DV90/order/VTkDkrL2lNA73KH0Spwa1Q/finalize’
    [Sun Jun 5 15:50:23 2022] url=‘htxps:x/acme?zeross?com/v2/DV90/authz/1_JSXO9yDEM9NKbLZ6tymA’
    [Sun Jun 5 15:50:23 2022] payload
    [Sun Jun 5 15:50:23 2022] POST
    [Sun Jun 5 15:50:23 2022] _post_url=‘htxps:x/acme?zeross?com/v2/DV90/authz/1_JSXO9yDEM9NKbLZ6tymA’
    [Sun Jun 5 15:50:23 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
    [Sun Jun 5 15:50:36 2022] _ret=‘0’
    [Sun Jun 5 15:50:36 2022] code=‘200’
    [Sun Jun 5 15:50:36 2022] url=‘htxps:x/acme?zeross?com/v2/DV90/authz/wLf-n48UImuBlP4_3eeEFw’
    [Sun Jun 5 15:50:36 2022] payload
    [Sun Jun 5 15:50:36 2022] POST
    [Sun Jun 5 15:50:36 2022] _post_url=‘htxps:x/acme?zeross?com/v2/DV90/authz/wLf-n48UImuBlP4_3eeEFw’
    [Sun Jun 5 15:50:36 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
    [Sun Jun 5 15:51:04 2022] _ret=‘0’
    [Sun Jun 5 15:51:04 2022] code=‘200’
    [Sun Jun 5 15:51:04 2022] d=‘server.?com’
    [Sun Jun 5 15:51:04 2022] Getting webroot for domain=‘server.?com’
    [Sun Jun 5 15:51:04 2022] _w=’/home/server.?com/public_html’
    [Sun Jun 5 15:51:04 2022] _currentRoot=’/home/server.?com/public_html’
    [Sun Jun 5 15:51:04 2022] entry=’“type”:“http-01”,“url”:“htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg”,“status”:“pending”,“token”:“EYiEnqNJ9g_kY8LwbRFlD-6De0A0eOGEdp-6tXCXNQ0”’
    [Sun Jun 5 15:51:04 2022] token=‘EYiEnqNJ9g_kY8LwbRFlD-6De0A0eOGEdp-6tXCXNQ0’
    [Sun Jun 5 15:51:04 2022] uri=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’
    [Sun Jun 5 15:51:04 2022] keyauthorization=‘EYiEnqNJ9g_kY8LwbRFlD-6De0A0eOGEdp-6tXCXNQ0.KDCL7GHxlY9PwdKFtGHn99OuLlS54XAJh2JOZOaB2rY’
    [Sun Jun 5 15:51:04 2022] dvlist=‘server.?com#EYiEnqNJ9g_kY8LwbRFlD-6De0A0eOGEdp-6tXCXNQ0.KDCL7GHxlY9PwdKFtGHn99OuLlS54XAJh2JOZOaB2rY#htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg#http-01#/home/server.?com/public_html’
    [Sun Jun 5 15:51:04 2022] d=‘www.server.?com’
    [Sun Jun 5 15:51:04 2022] Getting webroot for domain=‘www.server.?com’
    [Sun Jun 5 15:51:04 2022] _w=’/home/server.?com/public_html’
    [Sun Jun 5 15:51:04 2022] _currentRoot=’/home/server.?com/public_html’
    [Sun Jun 5 15:51:04 2022] entry=’“type”:“http-01”,“url”:“htxps:x/acme?zeross?com/v2/DV90/chall/Bd7WTBc2G2UtNz9KrQ7eqQ”,“status”:“pending”,“token”:“84AMMvsOqGjw_4W_ZUydbYm4xnXxaDdHs9Mu9gUBoRc”’
    [Sun Jun 5 15:51:04 2022] token=‘84AMMvsOqGjw_4W_ZUydbYm4xnXxaDdHs9Mu9gUBoRc’
    [Sun Jun 5 15:51:04 2022] uri=‘htxps:x/acme?zeross?com/v2/DV90/chall/Bd7WTBc2G2UtNz9KrQ7eqQ’
    [Sun Jun 5 15:51:04 2022] keyauthorization=‘84AMMvsOqGjw_4W_ZUydbYm4xnXxaDdHs9Mu9gUBoRc.KDCL7GHxlY9PwdKFtGHn99OuLlS54XAJh2JOZOaB2rY’
    [Sun Jun 5 15:51:04 2022] dvlist=‘www.server.?com#84AMMvsOqGjw_4W_ZUydbYm4xnXxaDdHs9Mu9gUBoRc.KDCL7GHxlY9PwdKFtGHn99OuLlS54XAJh2JOZOaB2rY#htxps:x/acme?zeross?com/v2/DV90/chall/Bd7WTBc2G2UtNz9KrQ7eqQ#http-01#/home/server.?com/public_html’
    [Sun Jun 5 15:51:04 2022] d
    [Sun Jun 5 15:51:04 2022] vlist=‘server.?com#EYiEnqNJ9g_kY8LwbRFlD-6De0A0eOGEdp-6tXCXNQ0.KDCL7GHxlY9PwdKFtGHn99OuLlS54XAJh2JOZOaB2rY#htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg#http-01#/home/server.?com/public_html,www.server.?com#84AMMvsOqGjw_4W_ZUydbYm4xnXxaDdHs9Mu9gUBoRc.KDCL7GHxlY9PwdKFtGHn99OuLlS54XAJh2JOZOaB2rY#htxps:x/acme?zeross?com/v2/DV90/chall/Bd7WTBc2G2UtNz9KrQ7eqQ#http-01#/home/server.?com/public_html,’
    [Sun Jun 5 15:51:04 2022] d=‘server.?com’
    [Sun Jun 5 15:51:04 2022] d=‘www.server.?com’
    [Sun Jun 5 15:51:04 2022] ok, let’s start to verify
    [Sun Jun 5 15:51:04 2022] Verifying: server.?com
    [Sun Jun 5 15:51:04 2022] d=‘server.?com’
    [Sun Jun 5 15:51:04 2022] keyauthorization=‘EYiEnqNJ9g_kY8LwbRFlD-6De0A0eOGEdp-6tXCXNQ0.KDCL7GHxlY9PwdKFtGHn99OuLlS54XAJh2JOZOaB2rY’
    [Sun Jun 5 15:51:04 2022] uri=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’
    [Sun Jun 5 15:51:04 2022] _currentRoot=’/home/server.?com/public_html’
    [Sun Jun 5 15:51:04 2022] wellknown_path=’/home/server.?com/public_html/.well-known/acme-challenge’
    [Sun Jun 5 15:51:04 2022] writing token:EYiEnqNJ9g_kY8LwbRFlD-6De0A0eOGEdp-6tXCXNQ0 to /home/server.?com/public_html/.well-known/acme-challenge/EYiEnqNJ9g_kY8LwbRFlD-6De0A0eOGEdp-6tXCXNQ0
    [Sun Jun 5 15:51:04 2022] Changing owner/group of .well-known to serve3852:nobody
    [Sun Jun 5 15:51:04 2022] url=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’
    [Sun Jun 5 15:51:04 2022] payload=’{}’
    [Sun Jun 5 15:51:04 2022] POST
    [Sun Jun 5 15:51:04 2022] _post_url=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’
    [Sun Jun 5 15:51:04 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
    [Sun Jun 5 15:51:22 2022] _ret=‘0’
    [Sun Jun 5 15:51:22 2022] code=‘200’
    [Sun Jun 5 15:51:22 2022] trigger validation code: 200
    [Sun Jun 5 15:51:22 2022] Processing, The CA is processing your order, please just wait. (1/30)
    [Sun Jun 5 15:51:22 2022] sleep 2 secs to verify again
    [Sun Jun 5 15:51:25 2022] checking
    [Sun Jun 5 15:51:25 2022] url=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’

    [Sun Jun 5 15:57:07 2022] Processing, The CA is processing your order, please just wait. (29/30)
    [Sun Jun 5 15:57:07 2022] sleep 2 secs to verify again
    [Sun Jun 5 15:57:10 2022] checking
    [Sun Jun 5 15:57:10 2022] url=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’
    [Sun Jun 5 15:57:10 2022] payload
    [Sun Jun 5 15:57:10 2022] POST
    [Sun Jun 5 15:57:10 2022] _post_url=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’
    [Sun Jun 5 15:57:10 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
    [Sun Jun 5 15:57:18 2022] _ret=‘0’
    [Sun Jun 5 15:57:18 2022] code=‘200’
    [Sun Jun 5 15:57:18 2022] server.?com:Timeout
    [Sun Jun 5 15:57:18 2022] Debugging, skip removing: /home/server.?com/public_html/.well-known
    [Sun Jun 5 15:57:18 2022] pid
    [Sun Jun 5 15:57:18 2022] No need to restore nginx, skip.
    [Sun Jun 5 15:57:18 2022] _clearupdns
    [Sun Jun 5 15:57:18 2022] dns_entries
    [Sun Jun 5 15:57:18 2022] skip dns.
    [Sun Jun 5 15:57:18 2022] _on_issue_err
    [Sun Jun 5 15:57:18 2022] Please add ‘–debug’ or ‘–log’ to check more details.
    [Sun Jun 5 15:57:18 2022] See: htxps:x/github?com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    [Sun Jun 5 15:57:18 2022] url=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’
    [Sun Jun 5 15:57:18 2022] payload=’{}’
    [Sun Jun 5 15:57:18 2022] POST
    [Sun Jun 5 15:57:18 2022] _post_url=‘htxps:x/acme?zeross?com/v2/DV90/chall/iiWhMsVpOfz6T2eSvv_Qzg’
    [Sun Jun 5 15:57:18 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
    [Sun Jun 5 15:57:26 2022] _ret=‘0’
    [Sun Jun 5 15:57:26 2022] code=‘200’
    [Sun Jun 5 15:57:26 2022] url=‘htxps:x/acme?zeross?com/v2/DV90/chall/Bd7WTBc2G2UtNz9KrQ7eqQ’
    [Sun Jun 5 15:57:26 2022] payload=’{}’
    [Sun Jun 5 15:57:26 2022] POST
    [Sun Jun 5 15:57:26 2022] _post_url=‘htxps:x/acme?zeross?com/v2/DV90/chall/Bd7WTBc2G2UtNz9KrQ7eqQ’
    [Sun Jun 5 15:57:26 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
    [Sun Jun 5 15:57:34 2022] _ret=‘0’
    [Sun Jun 5 15:57:34 2022] code=‘200’
    [Sun Jun 5 15:57:34 2022] Diagnosis versions:
    openssl:openssl
    OpenSSL 1.0.2k-fips 26 Jan 2017
    apache:
    apache doesn’t exist.
    nginx:
    nginx doesn’t exist.
    socat:
    socat by Gerhard Rieger and contributors - see www.dest-unreach.org
    socat version 1.7.3.2 on Jun 23 2017 10:19:11
    running on Linux version #1 SMP Wed May 18 16:02:34 UTC 2022, release 3.10.0-1160.66.1.el7.x86_64, machine x86_64
    features:
    #define WITH_STDIO 1
    #define WITH_FDNUM 1
    #define WITH_FILE 1
    #define WITH_CREAT 1
    #define WITH_GOPEN 1
    #define WITH_TERMIOS 1
    #define WITH_PIPE 1
    #define WITH_UNIX 1
    #define WITH_ABSTRACT_UNIXSOCKET 1
    #define WITH_IP4 1
    #define WITH_IP6 1
    #define WITH_RAWIP 1
    #define WITH_GENERICSOCKET 1
    #define WITH_INTERFACE 1
    #define WITH_TCP 1
    #define WITH_UDP 1
    #define WITH_SCTP 1
    #define WITH_LISTEN 1
    #define WITH_SOCKS4 1
    #define WITH_SOCKS4A 1
    #define WITH_PROXY 1
    #define WITH_SYSTEM 1
    #define WITH_EXEC 1
    #define WITH_READLINE 1
    #define WITH_TUN 1
    #define WITH_PTY 1
    #define WITH_OPENSSL 1
    #undef WITH_FIPS
    #define WITH_LIBWRAP 1
    #define WITH_SYCLS 1
    #define WITH_FILAN 1
    #define WITH_RETRY 1
    #define WITH_MSGLEVEL 0 /debug/

Final, i am still want to find why cannot generate the SSL :cry:

Are you using cloudflare? If so, disable the orange cloud proxy and try issuing the SSL after 2-3 minutes of disabling the orange cloud proxy in cloudflare.

hello we working in add SSL in sub domain but not working we test more 3 or more but evry time not ssl installed how to fix it

I have the same issue. Any idea how can I fix this?

I have a couple of web pages with no issues, but a particular website gives an SSL error. There was no issue since last year, it all happened suddenly and can’t figure out the solution yet despite trying everything written here.

Any advice would be greatly appreciated.

I have not tested as busy with other things

about cyberpanel, I guess there is no problem with generate ( catch ) the ssl cert, the only problem is :

subdomain point to the server, ONLY subdomain, don’t automatically “add” www when generate ssl cert.

there should have freedom that I (user) need www or not , right?

HI , No cloudflare are using.

Update the docs and added further info for debugging v2.3.2 and above How to fix SSL issues in CyberPanel

How to recreate child domain (mail.domain.com) because email is not working on Thunderbird client. For a moment I can get emails, but not to send them. SSL can’t be issued and returns 404.

I don’t understand how to fill those fields properly

I have the problem when I call Cyberpanel with the SSL CERT problem. then the connection is not secure.
How can I change this?
Again and again Chrome tells me that the connection is not SIcher.
But when I go to the set up domains, SSL is set up.

English please. That’s how someone might be able to help you.

I edited it in English. Excuse me

Look on this tutorial. You need create subdomain and issue hostname SSL for it.

/root/.acme.sh/acme.sh --issue -d yourdomain.com -d www.yourdomain.com --cert-file /etc/letsencrypt/live/www.rmronsol.com/cert.pem --key-file /etc/letsencrypt/live/yourdomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/yourdomain.com/fullchain.pem -w /home/yourdomain.com/public_html --server letsencrypt --force --debug

I tried this, but it worked once and it didn’t work after that and so far the certificate is disabled and I updated the board. Is there another way?

/root/.acme.sh/acme.sh --issue -d yourdomain.com -d www.yourdomain.com --cert-file /etc/letsencrypt/live/www.rmronsol.com/cert.pem --key-file /etc/letsencrypt/live/yourdomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/yourdomain.com/fullchain.pem -w /home/yourdomain.com/public_html --server letsencrypt --force --debug
That appeared
.com:Verify error:ip: Invalid response from http:/ /.well-known/acme-challenge/ti0-_w4rImRGhurk7TTuqJObNTnPYW4rkRQAymgbsBA: 404