Cant access to my website anymore but still access to cyberpanel dashboard

Hello everyone
I was trying to make the Cyber Panel Dashboard be on the following link: cp.al-investor.com
Secure it through ssl
But once I made my Cyber Panel Dashboard In Cloudflare (cp.al-investor.com) Proxied, I could not access the site again


Exactly the same way as in the picture

I tried:

  1. Remove Cloud Flare and rely on the main provider for my domain (it did not work).
  2. Turning off the firewall of the CyberPanel and turning off most of the protection systems (it did not work).
  3. Turn off WordPress security plugins (it didn’t work).
    Here is some information about the error logs and screenshots.

this is my screen shoot for main domian

and when I click on preview on cyberpanel for my website this screen appear:

ModSecurity Audit Logs

content-type: text/html; charset=UTF-8

---nsxllz08---H--

---nsxllz08---Z--

---dvujomFN---A--
[23/May/2023:15:51:33 +0000] 1684857093 103.187.106.15 50654 al-investor.com 443
---dvujomFN---F--
HTTP/1.1 503
x-dns-prefetch-control: on
expires: Sat, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cache-control: no-cache, must-revalidate, private, max-age=0
retry-after: 600
x-litespeed-cache-control: no-cache
content-type: text/html; charset=UTF-8

---dvujomFN---H--

---dvujomFN---Z--

---9f1BwR3z---A--
[23/May/2023:15:52:03 +0000] 1684857123 172.104.252.200 55400 cp.al-investor.com 80
---9f1BwR3z---F--
HTTP/1.1 403
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache

---9f1BwR3z---H--
ModSecurity: Warning. Matched "Operator `Within' with parameter `.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .ln (150 characters omitted)' against variable `TX:EXTENSION' (Value: `.com/' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1015"] [id "920440"] [rev ""] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cp.al-investor.com"] [uri "/.well-known/acme-challenge/cp.al-investor.com"] [unique_id "1684857123"] [ref "o14,4o15,3v32,18o71,5t:urlDecodeUni,t:lowercase"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cp.al-investor.com"] [uri "/.well-known/acme-challenge/cp.al-investor.com"] [unique_id "1684857123"] [ref ""]

---9f1BwR3z---Z--

---hNJgwh9k---A--
[23/May/2023:15:52:23 +0000] 1684857143 172.104.252.200 48064 cp.al-investor.com 80
---hNJgwh9k---F--
HTTP/1.1 403
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache

---hNJgwh9k---H--
ModSecurity: Warning. Matched "Operator `Within' with parameter `.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .ln (150 characters omitted)' against variable `TX:EXTENSION' (Value: `.com/' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1015"] [id "920440"] [rev ""] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cp.al-investor.com"] [uri "/.well-known/acme-challenge/cp.al-investor.com"] [unique_id "1684857143"] [ref "o14,4o15,3v32,18o71,5t:urlDecodeUni,t:lowercase"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cp.al-investor.com"] [uri "/.well-known/acme-challenge/cp.al-investor.com"] [unique_id "1684857143"] [ref ""]

---hNJgwh9k---Z--


Error Logs

Error Logs for main web server.

2023-05-26 10:11:19.122100 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [enableprivatecache 0]
2023-05-26 10:11:19.122102 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [privateexpireinseconds 3600]
2023-05-26 10:11:19.122104 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [modsecurity off]
2023-05-26 10:11:19.122106 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [modsecurity_rules `]
2023-05-26 10:11:19.122108 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [secdebugloglevel 9]
2023-05-26 10:11:19.122110 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [secdebuglog /usr/local/lsws/logs/modsec.log]
2023-05-26 10:11:19.122112 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [secauditengine off]
2023-05-26 10:11:19.122114 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [secauditlogrelevantstatus "^(?:5|4(?!04))"]
2023-05-26 10:11:19.122116 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [secauditlogparts AFH]
2023-05-26 10:11:19.122118 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [secauditlogtype Serial]
2023-05-26 10:11:19.122119 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [secauditlog /usr/local/lsws/logs/auditmodsec.log]
2023-05-26 10:11:19.122122 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [secruleengine off]
2023-05-26 10:11:19.122123 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [` ]
2023-05-26 10:11:19.122126 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf]
2023-05-26 10:11:19.122127 [INFO] [PlainConf] [httpServerConfig:] module [mod_security] add param [modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf]
2023-05-26 10:11:19.122133 [NOTICE] Loading LiteSpeed/1.7.16 Open (lsquic 3.1.1, modgzip 1.1, cache 1.64, mod_security 1.4) BUILD (built: Thu Nov 17 16:18:46 UTC 2022) ...
2023-05-26 10:11:19.122144 [NOTICE] Using [BoringSSL]
2023-05-26 10:11:19.123165 [NOTICE] [ADMIN] server socket: uds://usr/local/lsws/admin/tmp/admin.sock.7587, fd 6.
2023-05-26 10:11:19.123389 [NOTICE] [248745] chroot is disabled.
2023-05-26 10:11:19.123401 [INFO] [248745] old priority: 0, new priority: 0
2023-05-26 10:11:19.123551 [INFO] [248745] [config:server:basics2] For better obscurity, server version number is hidden in the response header.
2023-05-26 10:11:19.124277 [INFO] [248745] setuid is allowed in Ext Apps
2023-05-26 10:11:19.124680 [NOTICE] [248745] [PID: 248745]: forked cgid: 248746
2023-05-26 10:11:19.124845 [INFO] [248745] Add QUIC.cloud IPs from admin/conf/quic-cloud-ips to trusted ACL ...
2023-05-26 10:11:19.124942 [INFO] [248745] Add CloudFlare Subnets to trusted ACL ...
2023-05-26 10:11:19.124994 [INFO] [248745] [PlainConf] [adminConfig:] start parsing file /usr/local/lsws/admin/conf/admin_config.conf
2023-05-26 10:11:19.125173 [INFO] [248745] [PlainConf] [adminConfig:] Finished parsing file /usr/local/lsws/admin/conf/admin_config.conf
2023-05-26 10:11:19.125616 [INFO] [248745] QuicEngine::init(), pid: 248745, log level [warn].
2023-05-26 10:11:19.133471 [INFO] [248745] [Module:mod_security] ParseConfig entry, level 1, Mod_Security v3.0.8
2023-05-26 10:11:19.137405 [INFO] [248745] [Module:mod_security] Enable flag interpreted as 0
2023-05-26 10:11:19.137426 [INFO] [248745] [Module:mod_security] setSecRule value: 
secdebugloglevel 9
secdebuglog /usr/local/lsws/logs/modsec.log
secauditengine off
secauditlogrelevantstatus "^(?:5|4(?!04))"
secauditlogparts AFH
secauditlogtype Serial
secauditlog /usr/local/lsws/logs/auditmodsec.log
secruleengine off
 , type: 1 
2023-05-26 10:11:19.137779 [INFO] [248745] [Module:mod_security] setSecRule value: /usr/local/lsws/conf/modsec/rules.conf, type: 2 
2023-05-26 10:11:19.137846 [INFO] [248745] [Module:mod_security] setSecRule value: /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/owasp-master.conf, type: 2 
2023-05-26 10:11:19.322064 [INFO] [248745] [Module: modcompress 1.1] has been initialized successfully
2023-05-26 10:11:19.322144 [INFO] [248745] [Module: moddecompress 1.1] has been initialized successfully
2023-05-26 10:11:19.322236 [INFO] [248745] [Module: cache 1.64] has been initialized successfully
2023-05-26 10:11:19.322332 [INFO] [248745] [Module: mod_security mod_security 1.4] has been initialized successfully
2023-05-26 10:11:19.323432 [ERROR] [248745] [SSL:0x2bc06f0] Config SSL Context with Certificate File: /usr/local/lsws/admin/conf/webadmin.crt and Key File:/usr/local/lsws/admin/conf/webadmin.key get SSL error: error:0b000074:X.509 certificate routines:OPENSSL_internal:KEY_VALUES_MISMATCHerror:0b000074:X.509 certificate routines:OPENSSL_internal:KEY_VALUES_MISMATCH
2023-05-26 10:11:19.323451 [ERROR] [248745] [config:admin:listener:adminListener:ssl] failed to create new SSLContext for *:7080
2023-05-26 10:11:19.323458 [ERROR] [248745] [config:admin:listener] No listener is available for admin virtual host!
2023-05-26 10:11:19.324903 [ERROR] [248745] Fatal error in configuration, exit!

CyberPanel Main Log File

This log file corresponds to errors generated by CyberPanel for your domain errors log you can look into /home/domain/logs

it seems too long to put it here

it seems upgraded fine

Welcome @mohamedlahlah

Which server os is this ?

thank you for quick respond
Ubuntu 20.04 LTS

Check shows the domain is tied to the server and the server is running litespeed/ols.

Can you run the upgrade script and reboot your server

do you mean this commands? I already did it and same problem

source /usr/local/CyberCP/bin/activate
pip install --ignore-installed -r /usr/local/CyberCP/requirments.txt
deactivate
virtualenv --system-site-packages /usr/local/CyberCP
systemctl restart gunicorn.socket

but this comannd systemctl start gunicorn.socket

No where did you get that from ?

kindly follow the documentation Docs - CyberPanel Community

At first I tried to implement what came in comment

I’m upgrading the version now

It shows this error

WatchDog for Pure-FTPd has been started...
chown: cannot access '/usr/local/CyberCP/lib64': No such file or directory
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Seems something wrong with upgrade, please check...

You have mail in /var/mail/root

You got this error after upgrade ?

I got error while executing upgrade commands

sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)

Looks like curl related issue.

Try upgrade as a sudo user such as root or admin. Mae sure your server is not behind some firewall or proxy. Check cloudflare settings

Post the output of checking lsws service status e.g. service lsws status or systemctl status lsws

for udgrading I got the same error

WatchDog for PostFix has been started...

Checking Pure-FTPd...

WatchDog for Pure-FTPd is gone , restarting...

WatchDog for Pure-FTPd has been started...
chown: cannot access '/usr/local/CyberCP/lib64': No such file or directory
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Seems something wrong with upgrade, please check...

for systemctl status lsws I got

● lshttpd.service - OpenLiteSpeed HTTP Server
     Loaded: loaded (/etc/systemd/system/lshttpd.service; enabled; vendor prese>
     Active: activating (start) since Fri 2023-05-26 12:18:58 UTC; 2s ago
Cntrl PID: 382801 (lswsctrl)
     CGroup: /system.slice/lshttpd.service
             ├─382801 /bin/sh /usr/local/lsws/bin/lswsctrl start
             └─382837 sleep 1

May 26 12:18:58 localhost systemd[1]: Starting OpenLiteSpeed HTTP Server...
May 26 12:18:58 localhost lswsctrl[382801]: [OK] litespeed: pid=382831.

Checked again can you flush dns cache and disable vpn, or check if you have root domain record in cloudflare

I got it while executing upgrade commands sudo systemd-resolve --flush-caches

I already disable cloudflare

I also do it on my laptop
Capture12

Note, I will not be able to respond to the topic due to the site’s policies for new users

I mean flush dns cache on your client - your desktop, laptop, PC

@josephgodwinke
I did flush dns cache on my computer but still not working