Letsencrypt dont issue or create cert.pem or valid certificate

Steps:

  0. Update CyberPanel to its latest version
  1. Verify DNS and zone file (everything OK and was working until now; renewing the certificate was also working)
  2. Open the domain file manager and fix all permissions
  3. Renew acme: wget -O - https://get.acme.sh | sh
  4. Remove the old certificate (rm -rf /etc/letsencrypt/live/paraisorustico.com.br)
  5. Check vhost:

        context /.well-known/acme-challenge {
          location /usr/local/lsws/Example/html/.well-known/acme-challenge
          allowBrowse 1

          rewrite {

          }
          addDefaultCharset off

          phpIniOverride {

          }
        }

        vhssl {
          keyFile /etc/letsencrypt/live/paraisorustico.com.br/privkey.pem
          certFile /etc/letsencrypt/live/paraisorustico.com.br/fullchain.pem
          certChain 1
          sslProtocol 24
          enableECDHE 1
          renegProtection 1
          sslSessionCache 1
          enableSpdy 15
          enableStapling 1
          ocspRespMaxAge 86400
        }

  6. Check domain root if folder /.well-known/acme-challenge was created (it was not created)
  7. /root/.acme.sh/acme.sh --register-account -m [email protected]
  8. Check /usr/local/lsws/Example/html/.well-known/acme-challenge (there was an empty file created for the domain)
  9. Checking / disabling firewall (this was not the problem)
  10. Checking /etc/letsencrypt/live/paraisorustico.com.br (fullchain.pem and privkey.pem were found there, but not the cert.pem file)

I don’t know how else I could fix this; help would be appreciated.

Thank you

Something is wrong with your site DNS
Because simply visiting the domain, it's not even opening. Maybe the DNS entries are incorrect?

I have 2 dedicated servers with the latest version of CyberPanel, and I notice now that when I install a new domain/website and issue a certificate for this domain, SSL fails for all other domains with the warning that the certificate originates from the last installed domain.

Example:

Domains already working with letsencrypt certificate:

domainA
www.domainB

Now when I install domainC, the certificates from domainA.com and domainB.com become invalid, claiming the certificate is from domainC.

The problem exists since the last update and affects both servers.

Hello @Jobadoo

This is a simple issue. You need to remove private keys and certificates at the Virtual Host Level


Then you delete all private keys and certificates for respective websites from server:

$ rm -f /etc/letsencrypt/live/cyberpanel.com/privkey.pem && rm -f /etc/letsencrypt/live/cyberpanel.com/fullchain.pem

Do this for all domains. Then reissue the CyberPanel way.

@josephgodwinke

Thank you for the tutorial, however, it still doesn’t work. It loads the Certificate correctly on Desktop Browsers but not in Android chrome where it still claims the certificate comes from another domain.
It also shows the correct certificate in SSL Checker.

I have certain urgency to fix this problem since it affects 2 servers and several domains.

So I would like to ask if some expert here would be so kind and fix this problem for me and I pay him for the service.

Thank you

@Jobadoo Key phrase: "It loads the Certificate correctly on Desktop Browsers… also shows the correct certificate in SSL Checker"

Meaning my solution worked. So to fix your issue on Android chrome:

  1. Clear browser cache
  2. Disable VPN or Proxy
  3. Try again and revert back here

OK, there is definitely some bug. I followed all instructions and all domain certificates become invalid: NET::ERR_CERT_COMMON_NAME_INVALID

And it seems there are more people who have the same problem.

When I remove the certificates and issue a new one in CyberPanel, it shows success and it is at 89 days. SSL Checker also shows everything correct, but on mobile phones, when disabling wireless and getting the internet from a mobile provider, the error NET::ERR_CERT_COMMON_NAME_INVALID comes up, and not only for me: I have a lot of complaints from clients who can’t access the websites, with the same error.

Try it yourself: open www.saudenatural.info on WLAN, then turn off wireless, connect to your mobile internet provider and reload or reopen www.saudenatural.info.

Of course, I deleted all cookies and all website data, cleared the app cache etc. I am not behind a VPN or proxy.

Kindly share which instructions you followed that led to the domain certificate becoming invalid so that I can report them to be removed.

Error NET::ERR_CERT_COMMON_NAME_INVALID can be caused by various issues, and most of the time it's either SSL configured incorrectly or client issues such as VPN, browser add-ons, cookies etc.

From experience, CyberPanel with the latest update issues SSL certificates perfectly, but there may be conflicts or bugs around reissuing; it seldom works as expected.

Your argument is counterintuitive. To check if SSL is correctly installed, a proper host/sysadmin should not rely on client experiences but on professional tools that verify the SSL certificate on their web servers is installed correctly without errors. For example, examining www.saudenatural.info:

With these deductions you can now check server errors for SSL configuration issues. As far as that tool is concerned, your SSL is set up correctly. You can always confirm this by clicking on the padlock icon on the address bar when visiting said domain and confirming whether the certificate is valid. A certificate cannot be valid and cause Error NET::ERR_CERT_COMMON_NAME_INVALID; there must be other underlying factors on the client side.
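Added example, not part of the thread and not CyberPanel code: a server-side check of which certificate each address behind a hostname presents when that hostname is sent as SNI, which is the name comparison behind NET::ERR_CERT_COMMON_NAME_INVALID. It uses only Python's standard library and goes beyond a single lookup by testing every address the name resolves to; the function names are this example's own.

```python
import socket
import ssl
import sys

def san_dns_names(cert):
    """DNS entries of subjectAltName from an ssl getpeercert() dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(hostname, pattern):
    """Exact match, or '*' standing in for the whole left-most label only."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    return len(host) == len(pat) and host[1:] == pat[1:] and pat[0] in ("*", host[0])

def served_cert(hostname, address, port=443, timeout=5):
    """Handshake with one address, sending hostname as SNI; return the leaf cert."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared in audit()
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()

def audit(hostnames, port=443, fetch=served_cert, resolve=socket.getaddrinfo):
    """Return (hostname, address, status, cert_names) for every resolved address."""
    rows = []
    for host in hostnames:
        try:
            infos = resolve(host, port, type=socket.SOCK_STREAM)
        except OSError as exc:  # socket.gaierror: the name does not resolve
            rows.append((host, None, "dns error: %s" % exc, []))
            continue
        for addr in sorted({info[4][0] for info in infos}):
            try:
                names = san_dns_names(fetch(host, addr, port))
            except OSError as exc:  # refused, timed out, or untrusted chain (ssl.SSLError)
                rows.append((host, addr, "error: %s" % exc, []))
                continue
            ok = any(name_matches(host, n) for n in names)
            rows.append((host, addr, "ok" if ok else "mismatch", names))
    return rows

if __name__ == "__main__":
    for row in audit(sys.argv[1:]):
        print(*row, sep="\t")
```

Pass the hosted domains as arguments; a `mismatch` row lists the names in the certificate that address actually presented for the requested hostname.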

Hi,

For the steps I did, please look at the first post.

How the problem comes up on both servers:

I installed a new website on both servers and issued a certificate for the new website/domain with CyberPanel. From this moment all other domains have a certificate error claiming Error NET::ERR_CERT_COMMON_NAME_INVALID.

When I clicked the padlock and looked at the certificate details, I could see it takes the common name from the last installed domain/website certificate and not its own certificate.

I have now installed/moved 2 websites to another server (not LiteSpeed) and it worked fine.

Look, I am willing to pay to fix the issue because I literally tried everything to get this working again.

Upgrade your version

sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)

and debug by commandline

OK, I am a little step forward.

When I remove a website that previously showed NET::ERR_CERT_COMMON_NAME_INVALID when issuing a new certificate with the steps above, and then reinstall the website, the SSL also gets issued successfully and stays valid when I repeat the step with other websites.

However, this would be an enormous amount of work: back up emails, websites and databases, then delete the website and reinstall everything again.

@josephgodwinke what does it mean exactly?

“You need to remove private keys and certificates at the Virtual Host Level”

Use your OLS webadmin console at https://SERVER_URL:7080/login.php and follow this: "Letsencrypt dont issue or create cert.pem or valid certificate - #4 by josephgodwinke"

Hi @josephgodwinke, I understand where I need to log in, but how do I remove the private keys and certificates at the Virtual Host Level there?
What do I need to do here to remove this?

On SSL Private Key & Certificate, check the far right side; you will see an Edit icon. Click it and all the fields for that section are writable. Remove the Private Key File path and the Certificate File path.