Mod Security & SSL Autorenew

Hello,
Today one of my website’s SSL got expired (I installed it manually). So I tried to issue SSL via Cyberpanel and I was getting connection error. I have tried many times and every time I got the error. So I have tried upgrading the Cyberpanel and still I was getting the error. So I checked and I came to know about the mod_security and after disabling it worked.

Now, the question is that whether this mod_security will cause any issue with the auto renewal of the SSL. As I read from many pages, Cyberpanel does support auto renewal upon installing directly from its dashboard. Do I need to do anything for the renewal to work without any issue?

PS: Even though with the mod_security I got the error, my Zerossl dashboard is flooded with certificates created every time.

Thank you.

Can you please share cyberpanel main logs and also error logs

Yeah this just shows that very few people run cyberpanel seriously, but you have to disable/modify

/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf

because cyberpanel use domain.com for the filename for a ssl request, which will get blocked with this error

[msg "URL file extension is restricted by policy"] [data ".com"]

so since cyberpanel put url extension ( .com ) in the url, that’s not going to work… It’s kind of weird rule to prevent file extensions in url anyway, not sure who thought that would work seamlessly.

People here will suggest to remove the BLOCKING-EVALUATION.conf, but that essentially disable all the rules, making the whole thing useless.

1 Like