My SSL is self-signed

I have issued hostname SSL for one of the websites on my panel that I use for accessing the cyberpanel dashboard instead of the IP…
My SSL still shows self-signed! Why? I have pointed the A record of that subdomain to my server’s IP.
I can use it to reach the dashboard login, but it still gives the not-secure message!!

Are you using a proxy service like Cloudflare?
If so, Let’s Encrypt will fail to match your requesting IP with the domain several times and give you a self-signed certificate instead while you have it turned on (orange cloud icon).

If you are running a not-recent cyberpanel installation (you installed it more than 2 months ago), you may also lack the acme-challenge context. In that case, check this post:

I don’t use Cloudflare; in fact, my registrar is name.com… and the cyberpanel version is the latest…

The A record for cpanal.xyz.com (child domain I’m using as the cyberpanel hostname) = IP address of the server where cyberpanel is installed
where:
A record for xyz.com (parent domain) = IP address of another server where my actual main site is residing… Does that make a difference?

@tmoore Can I have clarification on my previous message, please?!

It shouldn’t affect it. The real error can only be found by looking at the log, as it can be several things. Run this command and post the output here:
Replace domain.tld with the subdomain, for example:
cpanal.xyz.com

/root/.acme.sh/acme.sh --issue -d domain.tld --cert-file /etc/letsencrypt/live/domain.tld/cert.pem --key-file /etc/letsencrypt/live/domain.tld/privkey.pem --fullchain-file /etc/letsencrypt/live/domain.tld/fullchain.pem -w /usr/local/lsws/Example/html --force --debug

@tmoore

  1. I have changed the domain.tld in the command with my actual cpanel hostname…
  2. I ran the command
  3. it runs successfully, and these are the last few lines (please note that after copying the result, I have AGAIN manually replaced my actual hostname with the text domain.tld) and it shows this

[Sun 28 Aug 2022 08:48:27 PM +04] Cert success.
-----BEGIN CERTIFICATE-----
MIIGcjCCBFqgAwIBAgIRAIpFZFx17x…
-----END CERTIFICATE-----
[Sun 28 Aug 2022 08:48:27 PM +04] Your cert is in: /root/.acme.sh/domain.tld/domain.tld.cer
[Sun 28 Aug 2022 08:48:27 PM +04] Your cert key is in: /root/.acme.sh/domain.tld/domain.tld.key
[Sun 28 Aug 2022 08:48:27 PM +04] The intermediate CA cert is in: /root/.acme.sh/domain.tld/ca.cer
[Sun 28 Aug 2022 08:48:27 PM +04] And the full chain certs is there: /root/.acme.sh/domain.tld/fullchain.cer
[Sun 28 Aug 2022 08:48:27 PM +04] Installing cert to: /etc/letsencrypt/live/domain.tld/cert.pem
[Sun 28 Aug 2022 08:48:27 PM +04] Installing key to: /etc/letsencrypt/live/domain.tld/privkey.pem
[Sun 28 Aug 2022 08:48:27 PM +04] Installing full chain to: /etc/letsencrypt/live/domain.tld/fullchain.pem
[Sun 28 Aug 2022 08:48:27 PM +04] _on_issue_success

Does this mean it is issued successfully?
By the way, THANK YOU so much for helping me

Yes, that should mean it’s working properly

The default SSL command also issues for “www”, and most times that breaks things and it’s not needed. That looks like it was the issue (in the command I sent I removed the www)

@tmoore
Thank you for confirming.
Brother, I’m facing a critical issue and I wish you could help with it. I have set up 4 websites; 2 of them I can manage… and the other 2 websites, I CAN NOT (when I click Websites>List Websites>Manage or File manager)
For those 2 websites I’m getting (403 Forbidden Access to this resource on the server is denied!)
Why?

Those 2 domains I’m unable to access contain a number; they look like: xy1z.com & cpanel.xy1z.com… Is that error related to the fact that my domains have a number in them?

The same happened to me a few minutes ago actually, funny coincidence!

Go and disable your ModSecurity; in my case that was it

As to why, I can’t answer, as I didn’t go and read the log

@tmoore So true, it works after disabling the ModSecurity…
So how can I enable it back? And why does it work with some of my websites and not others?
Would you find the solution and advise me on how you solved it?

Appreciated

It must be a false positive regarding ModSecurity, but I didn’t investigate it yet.

I’m about to leave for a trip, but Tuesday when I return I will try to find what’s happening and will let you know / make a post here

Have a great trip, Bro @tmoore, and I will be looking forward to hearing from you.

@tmoore What does that error in the screenshot mean, and what should I do?

Good question, that one I don’t know

@tmoore For some reason this error is still showing while saving some settings, for example the vHost! Any clue why that is happening?

@tmoore Any discoveries on why ModSecurity is causing the Forbidden error 403 on some of the website management?

Didn’t investigate yet, currently on some days off away from PC

Is there a guide available for how to do this on Cloudflare? I issue the SSL via CyberPanel and it seems okay, but my mail.domain is unsecure and when I try to connect via Gmail I receive an error saying that it is self-signed. The main domain is secure.

I’ve tried every guide on this forum that I could find. Any solutions?

What you are probably missing is going to Cyberpanel → SSL → MailServer SSL and issuing it there


Below are steps to have your SSL certificate from Cloudflare instead of Let’s Encrypt. Please note that you will need to manually duplicate your main domain certificate and pem into your mailserver SSL:

Cloudflare dashboard → Select your domain → SSL/TLS → Origin Server → Create Certificate → Create (leave default options) → DO NOT PRESS OK YET, OPEN ANOTHER BROWSER TAB:

Cyberpanel → Websites → List websites → Select your website and click Manage → Add SSL button

Paste the Origin Certificate and Private Key that is displayed at Cloudflare in the fields above (Origin certificate into Paste your cert, Private Key into Paste your key field)

Press Save at cyberpanel.
Go back to the cloudflare tab and press OK.

Then:
Cloudflare dashboard → Select your domain → SSL/TLS → Overview → Select Full (strict) mode

And that should be it.
Don’t forget to delete your browser cache if it fails to identify the certificate change.
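
To confirm which certificate a host is really using after any of the fixes in this thread, the checks can be scripted with openssl. This is an added example, not code from any poster or from CyberPanel; the function names are hypothetical, and the dashboard port 8090 and mail port 465 in the usage lines are assumptions to adjust.

```shell
#!/bin/sh
# Added example (not from the thread): first-pass checks on a certificate.

# served_cert HOST PORT: print the leaf certificate the server presents, as PEM.
served_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# cert_status PEM_FILE HOSTNAME: print one verdict word, return 0 only if clean.
# For a fullchain.pem, openssl x509 reads the first certificate (the leaf).
cert_status() {
    pem=$1 host=$2
    # Reject missing files and files that do not parse as a certificate.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo unreadable; return 2; }
    subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    echo "issuer: $issuer" >&2
    # Subject equal to issuer means no other party vouched for this certificate.
    if [ "$subject" = "$issuer" ]; then echo self-signed; return 1; fi
    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 1
    fi
    # -checkhost prints "does match" or "does NOT match" for the SAN/CN test.
    if ! openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match'; then
        echo hostname-mismatch; return 1
    fi
    echo ca-issued
}

# On the server (path taken from the acme.sh command in the thread):
#   cert_status /etc/letsencrypt/live/domain.tld/fullchain.pem domain.tld
# Against the live services (ports 8090 and 465 are assumptions):
#   served_cert domain.tld 8090 > /tmp/panel.pem && cert_status /tmp/panel.pem domain.tld
#   served_cert mail.domain.tld 465 > /tmp/mail.pem && cert_status /tmp/mail.pem mail.domain.tld
```

A verdict of ca-issued only says that a different issuer signed the certificate. A Cloudflare Origin certificate also reports ca-issued but is trusted only by Cloudflare, so a mail client that connects to the server directly will still reject it.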