How to get Cloudfare SSL?

issued it but it is showing -

“… HAS SELF-SIGNED SSL. Your SSL will expire in 3649 days.”

So when i preview it, its still unsecure connection

Test your website SSL certificate SSL Checker | Free online SSL Certificate Test for your website | IONOS

Can you see something like this

In the yellow sign it is showing as “1 warning”

Action recommended

Root installed on the server.

For best practices, remove the self-signed root from the server.

There is inherent issue with CyberPanel way of issuing SSL Certificates. I know this is tasking but can you remove all SSL certificates on your account. I mean all of them doesnt matter what certificate does what just remove them all.

And reissue one this way

/root/.acme.sh/acme.sh --issue -d somedomain.com --cert-file /etc/letsencrypt/live/somedomain.com/cert.pem --key-file /etc/letsencrypt/live/somedomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/somedomain.com/fullchain.pem -w /usr/local/lsws/Example/html --force --debug

i used this command and also replaced with my domain. but it is not issuing ssl. it is showing some long result. which i am unable to understand

Post it here

[Tue Nov 8 10:29:14 UTC 2022] Lets find script dir.
[Tue Nov 8 10:29:14 UTC 2022] SCRIPT=‘/root/.acme.sh/acme.sh’
[Tue Nov 8 10:29:14 UTC 2022] _script=‘/root/.acme.sh/acme.sh’
[Tue Nov 8 10:29:14 UTC 2022] _script_home=‘/root/.acme.sh’
[Tue Nov 8 10:29:14 UTC 2022] Using config home:/root/.acme.sh

v3.0.5
[Tue Nov 8 10:29:14 UTC 2022] Running cmd: issue
[Tue Nov 8 10:29:14 UTC 2022] _main_domain=‘mysite.com
[Tue Nov 8 10:29:14 UTC 2022] _alt_domains=‘no’
[Tue Nov 8 10:29:14 UTC 2022] Using config home:/root/.acme.sh
[Tue Nov 8 10:29:14 UTC 2022] default_acme_server=‘https://acme-v02.api.letsencrypt.org/directory
[Tue Nov 8 10:29:14 UTC 2022] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Tue Nov 8 10:29:14 UTC 2022] DOMAIN_PATH=‘/root/.acme.sh/mysite.com’
[Tue Nov 8 10:29:14 UTC 2022] Le_NextRenewTime
[Tue Nov 8 10:29:14 UTC 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Nov 8 10:29:14 UTC 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Nov 8 10:29:14 UTC 2022] GET
[Tue Nov 8 10:29:14 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/directory
[Tue Nov 8 10:29:14 UTC 2022] timeout=
[Tue Nov 8 10:29:14 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Tue Nov 8 10:29:15 UTC 2022] ret=‘0’
[Tue Nov 8 10:29:15 UTC 2022] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change
[Tue Nov 8 10:29:15 UTC 2022] ACME_NEW_AUTHZ
[Tue Nov 8 10:29:15 UTC 2022] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Tue Nov 8 10:29:15 UTC 2022] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct
[Tue Nov 8 10:29:15 UTC 2022] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert
[Tue Nov 8 10:29:15 UTC 2022] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
[Tue Nov 8 10:29:15 UTC 2022] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Tue Nov 8 10:29:15 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Nov 8 10:29:15 UTC 2022] _on_before_issue
[Tue Nov 8 10:29:15 UTC 2022] _chk_main_domain=‘mysite.com
[Tue Nov 8 10:29:15 UTC 2022] _chk_alt_domains
[Tue Nov 8 10:29:15 UTC 2022] Le_LocalAddress
[Tue Nov 8 10:29:15 UTC 2022] d=‘mysite.com
[Tue Nov 8 10:29:15 UTC 2022] Check for domain=‘mysite.com
[Tue Nov 8 10:29:15 UTC 2022] _currentRoot=’/usr/local/lsws/Example/html’
[Tue Nov 8 10:29:15 UTC 2022] d
[Tue Nov 8 10:29:15 UTC 2022] _saved_account_key_hash is not changed, skip register account.
[Tue Nov 8 10:29:15 UTC 2022] Read key length:2048
[Tue Nov 8 10:29:15 UTC 2022] _createcsr
[Tue Nov 8 10:29:15 UTC 2022] Single domain=‘mysite.com
[Tue Nov 8 10:29:15 UTC 2022] Getting domain auth token for each domain
[Tue Nov 8 10:29:15 UTC 2022] d
[Tue Nov 8 10:29:15 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Tue Nov 8 10:29:15 UTC 2022] payload=‘{“identifiers”: [{“type”:“dns”,“value”:“mysite.com”}]}’
[Tue Nov 8 10:29:15 UTC 2022] RSA key
[Tue Nov 8 10:29:15 UTC 2022] HEAD
[Tue Nov 8 10:29:15 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Tue Nov 8 10:29:15 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g -I ’
[Tue Nov 8 10:29:15 UTC 2022] _ret=‘0’
[Tue Nov 8 10:29:15 UTC 2022] POST
[Tue Nov 8 10:29:15 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Tue Nov 8 10:29:15 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Tue Nov 8 10:29:16 UTC 2022] _ret=‘0’
[Tue Nov 8 10:29:16 UTC 2022] code=‘201’
[Tue Nov 8 10:29:16 UTC 2022] Le_LinkOrder=‘https://acme-v02.api.letsencrypt.org/acme/order/805287587/142085257667
[Tue Nov 8 10:29:16 UTC 2022] Le_OrderFinalize=‘https://acme-v02.api.letsencrypt.org/acme/finalize/805287587/142085257667
[Tue Nov 8 10:29:16 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/173780418457
[Tue Nov 8 10:29:16 UTC 2022] payload
[Tue Nov 8 10:29:16 UTC 2022] POST
[Tue Nov 8 10:29:16 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/173780418457
[Tue Nov 8 10:29:16 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Tue Nov 8 10:29:16 UTC 2022] _ret=‘0’
[Tue Nov 8 10:29:16 UTC 2022] code=‘200’
[Tue Nov 8 10:29:16 UTC 2022] d=‘mysite.com
[Tue Nov 8 10:29:16 UTC 2022] Getting webroot for domain=‘mysite.com
[Tue Nov 8 10:29:16 UTC 2022] _w=’/usr/local/lsws/Example/html’
[Tue Nov 8 10:29:16 UTC 2022] _currentRoot=’/usr/local/lsws/Example/html’
[Tue Nov 8 10:29:16 UTC 2022] entry=‘“type”:“http-01”,“status”:“pending”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg",“token”:"PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4”’
[Tue Nov 8 10:29:16 UTC 2022] token=‘PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4’
[Tue Nov 8 10:29:16 UTC 2022] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg
[Tue Nov 8 10:29:16 UTC 2022] keyauthorization=‘PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4.TGD9fZfxnuLs–cxe4cs603i7DJXO0z9eROCivBK49U’
[Tue Nov 8 10:29:16 UTC 2022] dvlist=‘mysite.com#PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4.TGD9fZfxnuLs--cxe4cs603i7DJXO0z9eROCivBK49U#https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg#http-01#/usr/local/lsws/Example/html
[Tue Nov 8 10:29:16 UTC 2022] d
[Tue Nov 8 10:29:16 UTC 2022] vlist=‘mysite.com#PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4.TGD9fZfxnuLs--cxe4cs603i7DJXO0z9eROCivBK49U#https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg#http-01#/usr/local/lsws/Example/html,
[Tue Nov 8 10:29:16 UTC 2022] d=‘mysite.com
[Tue Nov 8 10:29:16 UTC 2022] ok, let’s start to verify
[Tue Nov 8 10:29:16 UTC 2022] Verifying: mysite.com
[Tue Nov 8 10:29:16 UTC 2022] d=‘mysite.com
[Tue Nov 8 10:29:16 UTC 2022] keyauthorization=‘PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4.TGD9fZfxnuLs–cxe4cs603i7DJXO0z9eROCivBK49U’
[Tue Nov 8 10:29:16 UTC 2022] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg
[Tue Nov 8 10:29:16 UTC 2022] _currentRoot=‘/usr/local/lsws/Example/html’
[Tue Nov 8 10:29:16 UTC 2022] wellknown_path=‘/usr/local/lsws/Example/html/.well-known/acme-challenge’
[Tue Nov 8 10:29:16 UTC 2022] writing token:PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4 to /usr/local/lsws/Example/html/.well-known/acme-challenge/PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4
[Tue Nov 8 10:29:16 UTC 2022] Changing owner/group of .well-known to root:root
[Tue Nov 8 10:29:16 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg
[Tue Nov 8 10:29:16 UTC 2022] payload=‘{}’
[Tue Nov 8 10:29:16 UTC 2022] POST
[Tue Nov 8 10:29:16 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg
[Tue Nov 8 10:29:16 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Tue Nov 8 10:29:17 UTC 2022] _ret=‘0’
[Tue Nov 8 10:29:17 UTC 2022] code=‘200’
[Tue Nov 8 10:29:17 UTC 2022] trigger validation code: 200
[Tue Nov 8 10:29:17 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Tue Nov 8 10:29:17 UTC 2022] sleep 2 secs to verify again
[Tue Nov 8 10:29:20 UTC 2022] checking
[Tue Nov 8 10:29:20 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg
[Tue Nov 8 10:29:20 UTC 2022] payload
[Tue Nov 8 10:29:20 UTC 2022] POST
[Tue Nov 8 10:29:20 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg
[Tue Nov 8 10:29:20 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Tue Nov 8 10:29:20 UTC 2022] _ret=‘0’
[Tue Nov 8 10:29:20 UTC 2022] code=‘200’
[Tue Nov 8 10:29:20 UTC 2022] mysite.com:Verify error:2a02:4780:b:656:0:1e54:68bb:3: Invalid response from http://mysite.com/.well-known/acme-challenge/PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4: 404
[Tue Nov 8 10:29:20 UTC 2022] Debug: get token url.
[Tue Nov 8 10:29:20 UTC 2022] GET
[Tue Nov 8 10:29:20 UTC 2022] url=‘http://mysite.com/.well-known/acme-challenge/PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4
[Tue Nov 8 10:29:20 UTC 2022] timeout=1
[Tue Nov 8 10:29:20 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1’

404 Not Found

404 Not Found


openresty [root@authoritysiteone ~]# [Tue Nov 8 10:29:20 UTC 2022] ret='0' [Tue Nov 8 10:29:20 UTC 2022] Debugging, skip removing: /usr/local/lsws/Example/html/.well-known/acme-challenge/PD7JbFmwGS0yEL7OLdLsjW31AprrzewbytYJJqZvMj4 [Tue Nov 8 10:29:20 UTC 2022] pid [root@authoritysiteone ~]# [Tue Nov 8 10:29:21 UTC 2022] _clearupdns [Tue Nov 8 10:29:21 UTC 2022] dns_entries [Tue Nov 8 10:29:21 UTC 2022] skip dns. [Tue Nov 8 10:29:21 UTC 2022] _on_issue_err [Tue Nov 8 10:29:21 UTC 2022] Please add '--debug' or '--log' to check more details. [Tue Nov 8 10:29:21 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Tue Nov 8 10:29:21 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg' [Tue Nov 8 10:29:21 UTC 2022] payload='{}' [Tue Nov 8 10:29:21 UTC 2022] POST [Tue Nov 8 10:29:21 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/173780418457/MNV6qg' [Tue Nov 8 10:29:21 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Tue Nov 8 10:29:21 UTC 2022] _ret='0' [Tue Nov 8 10:29:21 UTC 2022] code='400' [Tue Nov 8 10:29:21 UTC 2022] Diagnosis versions: openssl:openssl OpenSSL 1.0.2k-fips 26 Jan 2017 apache: apache doesn't exist. nginx: nginx doesn't exist. socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org socat version 1.7.3.2 on Jun 23 2017 10:19:11 running on Linux version #1 SMP Thu Apr 22 16:18:59 MSK 2021, release 3.10.0, machine x86_64 features: #define WITH_STDIO 1 #define WITH_FDNUM 1 #define WITH_FILE 1 #define WITH_CREAT 1 #define WITH_GOPEN 1 #define WITH_TERMIOS 1 #define WITH_PIPE 1 #define WITH_UNIX 1 #define WITH_ABSTRACT_UNIXSOCKET 1 #define WITH_IP4 1 #define WITH_IP6 1 #define WITH_RAWIP 1 #define WITH_GENERICSOCKET 1 #define WITH_INTERFACE 1 #define WITH_TCP 1 #define WITH_UDP 1 #define WITH_SCTP 1 #define WITH_LISTEN 1 #define WITH_SOCKS4 1 #define WITH_SOCKS4A 1 #define WITH_PROXY 1 #define WITH_SYSTEM 1 #define WITH_EXEC 1 #define WITH_READLINE 1 #define WITH_TUN 1 #define WITH_PTY 1 #define WITH_OPENSSL 1 #undef WITH_FIPS #define WITH_LIBWRAP 1 #define WITH_SYCLS 1 #define WITH_FILAN 1 #define WITH_RETRY 1 #define WITH_MSGLEVEL 0 /*debug*/ [root@authoritysiteone ~]#

i I need more logs because I gave my clients same steps and I have done the same steps on a test server and it works. Do you have additional ssl certificates in your server?

Other ways to fix this

https://community.cyberpanel.net/docs?category=51&topic=90#debugging-tips-for-v232-and-above-7

here are the latest logs:

[11.09.2022_02-00-07] Status Code: 404 for: http://mysite.com/.well-known/acme-challenge/mysite.com. Error:

404 Not Found

404 Not Found


openresty

[11.09.2022_02-00-20] [Failed to obtain SSL. [obtainSSLForADomain]]

[11.09.2022_02-00-20] Self signed SSL issued for mysite.com.

[11.09.2022_02-00-24] Checking SSL for ssl.mysite.com.

[11.09.2022_02-00-24] SSL does not exist for ssl.mysite.com. Obtaining now…

[11.09.2022_02-00-24] Status Code: 200 for: http://www.ssl.mysite.com/.well-known/acme-challenge/ssl.mysite.com

[11.09.2022_02-00-24] Status Code: 200 for: http://ssl.mysite.com/.well-known/acme-challenge/ssl.mysite.com

[11.09.2022_02-00-38] [Failed to obtain SSL. [obtainSSLForADomain]]

[11.09.2022_02-00-39] Self signed SSL issued for ssl.mysite.com.

[11.09.2022_02-00-43] Restarting mail services for them to see new SSL.

[11.09.2022_02-00-43] [Errno 2] No such file or directory: ‘postmap’: ‘postmap’. [ProcessUtilities.normalExecutioner.Base]

@josephgodwinke

The ssl certificate do not exist for that domain.

  1. First upgrade your CyberPanel copy
sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)
  1. update the ACME client to the latest version run the following command

wget -O - https://get.acme.sh | sh

  1. try and fix permissions: Go to WebsitesList WebsitesFile Manager and Fix Permissions

  2. Turn off ModSecurity by going to SecurityModSecurity Conf then go to SSLManage SSL

did all the steps as you mentioned

still it is showing - HAS SELF-SIGNED SSL.

Your SSL will expire in 3649 days.

Note that i have created two websites - mysite. com and ssl.mysite .com

and have issued ssl for both of them

And as far as ModSecurity Conf is concerned, it is not even installed so im assuming its off

@josephgodwinke

it shows my this result in red color: Unknown parameter : mysite .com

@josephgodwinke

Follow this tutorial if you need any help PM me

This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.