Are you using a proxy service like Cloudflare?
If so, Let’s Encrypt will fail to match your requesting IP with the domain several times and give you a self-signed certificate instead while you have it turned on (orange cloud icon).
If you are running a not-recent CyberPanel installation (you installed it more than 2 months ago), you may also lack the acme-challenge context; in that case, check this post:
I don’t use Cloudflare; in fact, my registrar is name.com… and the CyberPanel version is the latest…
The A record for cpanal.xyz.com (the child domain I’m using as the CyberPanel hostname) = IP address of the server where CyberPanel is installed
where:
A record for xyz.com (parent domain) = IP address of another server where my actual main site is residing… does that make a difference?
It shouldn’t affect it. The real error can only be found by looking at the log, as it can be several things. Run this command and post the output here:
Replace domain.tld with the subdomain, for example: cpanal.xyz.com
I have changed the domain.tld in the command with my actual cpanel hostname…
I ran the command.
It ran successfully, and these are the last few lines (please note that after copying the result, I AGAIN manually replaced my actual hostname with the text domain.tld):
[Sun 28 Aug 2022 08:48:27 PM +04] Cert success.
-----BEGIN CERTIFICATE-----
MIIGcjCCBFqgAwIBAgIRAIpFZFx17x…
…
…
…
…
-----END CERTIFICATE-----
[Sun 28 Aug 2022 08:48:27 PM +04] Your cert is in: /root/.acme.sh/domain.tld/domain.tld.cer
[Sun 28 Aug 2022 08:48:27 PM +04] Your cert key is in: /root/.acme.sh/domain.tld/domain.tld.key
[Sun 28 Aug 2022 08:48:27 PM +04] The intermediate CA cert is in: /root/.acme.sh/domain.tld/ca.cer
[Sun 28 Aug 2022 08:48:27 PM +04] And the full chain certs is there: /root/.acme.sh/domain.tld/fullchain.cer
[Sun 28 Aug 2022 08:48:27 PM +04] Installing cert to: /etc/letsencrypt/live/domain.tld/cert.pem
[Sun 28 Aug 2022 08:48:27 PM +04] Installing key to: /etc/letsencrypt/live/domain.tld/privkey.pem
[Sun 28 Aug 2022 08:48:27 PM +04] Installing full chain to: /etc/letsencrypt/live/domain.tld/fullchain.pem
[Sun 28 Aug 2022 08:48:27 PM +04] _on_issue_success
The default SSL command also issues for “www”, and most times that breaks things and it’s not needed. That looks like it was the issue (in the command I sent, I removed the www).
@tmoore
Thank you for confirming.
Brother, I’m facing a critical issue and I hope you can help with it. I have set up 4 websites; 2 of them I can manage… and the other 2 websites I CAN NOT (when I click Websites > List Websites > Manage or File manager).
For those 2 websites I’m getting (403 Forbidden Access to this resource on the server is denied!)
Why?
Those 2 domains I’m unable to access contain a number; they look like: xy1z.com & cpanel.xy1z.com… Is that error related to the fact that my domains have a number in them?
@tmoore So true, it works after disabling ModSecurity…
So how can I enable it back? And why does it work with some of my websites and not others?
Would you find the solution and advise me how you solved it?
Is there a guide available for how to do this on Cloudflare? I issue the SSL via CyberPanel and it seems okay, but my mail.domain is unsecure and when I try to connect via Gmail I receive an error saying that it is self-signed. The main domain is secure.
I’ve tried every guide on this forum that I could find. Any solutions?
What you are probably missing is going to CyberPanel → SSL → MailServer SSL and issuing it there.
Below are the steps to have your SSL certificate from Cloudflare instead of Let’s Encrypt. Please note that you will need to manually duplicate your main domain certificate and pem into your mailserver SSL:
Cloudflare dashboard → Select your domain → SSL/TLS → Origin Server → Create Certificate → Create (leave default options) → DO NOT PRESS OK YET, OPEN ANOTHER BROWSER TAB:
CyberPanel → Websites → List websites → Select your website and click Manage → Add SSL button
Paste the Origin Certificate and Private Key that are displayed at Cloudflare into the fields above (Origin Certificate into the Paste your cert field, Private Key into the Paste your key field)
Press Save in CyberPanel.
Go back to the Cloudflare tab and press OK.
Then:
Cloudflare dashboard → Select your domain → SSL/TLS → Overview → Select Full (strict) mode
And that should be it.
Don’t forget to delete your browser cache if it fails to identify the certificate change.
I was helped on the CyberPanel Facebook page. These were the steps I was told to follow that solved the problem for me. Adding them here for others in the future.
Go into Cloudflare and make sure that your mail subdomain name has a grey cloud on it, not the orange cloud. So it says DNS Only on it. Same for webmail and www.mail or other subdomain variants.
Go to CyberPanel and select SSL > MailServer SSL, or type your EXAMPLEIP:8090/manageSSL/sslForMailServer
Choose your mail subdomain and issue the SSL.
Then use your third-party email service, such as Gmail, and enter your email information and password.
For me, send mail was mail.domain.com
Secured connection on port 465 using SSL
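To confirm which certificate the mail host actually serves on port 465 after the steps in this thread, one option is the check below. It is an added example, not from any poster here; the function names are illustrative, mail.example.com is a placeholder, and matching the issuer by substring is an assumption about how the CA names itself.

```shell
#!/bin/sh
# Added example. Host names and function names are illustrative.

# classify_cert SUBJECT ISSUER: name the kind of issuer from the two DNs.
classify_cert() {
    if [ "$1" = "$2" ]; then
        echo self-signed            # issuer == subject
        return
    fi
    case $2 in
        *"Let's Encrypt"*)    echo lets-encrypt ;;
        *[Cc]loud[Ff]lare*)   echo cloudflare-origin ;;
        *)                    echo other-ca ;;
    esac
}

# served_cert HOST PORT: PEM of the leaf certificate the server presents.
# Port 465 is implicit TLS; for 587 add "-starttls smtp" to s_client.
served_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# cert_field PEM_FILE subject|issuer: print that DN without its label.
cert_field() {
    openssl x509 -noout "-$2" -nameopt RFC2253 -in "$1" | sed 's/^[a-z]*= *//'
}

# check_endpoint HOST [PORT]: report issuer type, hostname match and expiry.
check_endpoint() {
    host=$1 port=${2:-465}
    pem=$(mktemp) || return 2
    if ! served_cert "$host" "$port" >"$pem" 2>/dev/null; then
        echo "$host:$port: no certificate received"
        rm -f "$pem"
        return 2
    fi
    kind=$(classify_cert "$(cert_field "$pem" subject)" "$(cert_field "$pem" issuer)")
    echo "$host:$port issuer type: $kind"
    openssl x509 -noout -checkhost "$host" -in "$pem"   # name on the cert
    openssl x509 -noout -checkend 0 -in "$pem"          # not yet expired
    rm -f "$pem"
    [ "$kind" != self-signed ]
}

# Run only when a host is given, e.g.: sh check.sh mail.example.com 465
if [ "$#" -ge 1 ]; then
    check_endpoint "$@"
fi
```

Running it against both the main domain on 443 and the mail subdomain on 465 shows whether the two endpoints serve the same certificate or the mail service is still on its self-signed default.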