Are you using a proxy service like Cloudflare?
If so, let’s encrypt will fail to match your requesting IP with the domain several times and give you a self-signed certificate instead while you have it turned on (orange cloud icon).
If you are running a not-recent cyberpanel installation (you installed it more than 2 months ago), you may also lack the acme-challenge context, in that case, check this post: