Self Signed cert on Let's encrypt cert

I’ve just installed cyberpanel but if I issue a SSL it says “SSL successfully created”, but if I manage the website it says “This website has a self signed certificate.” Help

Hello @blutudlut Happy you are here

Go to OLS WebAdmin Console of your server i.e https://SERVER_URL:7080 use admin and password you chose for CyberPanel admin panel

If you cannot log in. Using SSH Terminal run adminPass add new password


Then you delete all private keys and certificates for respective website from server:

$ rm -f /etc/letsencrypt/live/ <YOUR\_DOMAIN>/privkey.pem && rm -f /etc/letsencrypt/live/ <YOUR\_DOMAIN>/fullchain.pem

Then run this command from How to fix SSL issues in CyberPanel

/root/.acme.sh/acme.sh --issue -d <YOUR\_DOMAIN> -d www.<YOUR\_DOMAIN> --cert-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/cert.pem --key-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/privkey.pem --fullchain-file /etc/letsencrypt/live/<YOUR\_DOMAIN>/fullchain.pem -w /usr/local/lsws/Example/html --force --debug

Go back to OLS and add the privatekey and fullchain links to the vHost of the domain

to issue ssl, it’s important to pointing A record to your ip and CNAME www. have you?

yes, i have

theres an error when i want to issue the cert:

Post the contents of nano /root/.acme.sh/acme.sh.log or vi /root/.acme.sh/acme.sh.log

okay:

[Tue 06 Dec 2022 04:19:00 PM UTC] Running cmd: issue
[Tue 06 Dec 2022 04:19:00 PM UTC] _main_domain='electryfy.shop'
[Tue 06 Dec 2022 04:19:00 PM UTC] _alt_domains='www.electryfy.shop'
[Tue 06 Dec 2022 04:19:00 PM UTC] Using config home:/root/.acme.sh
[Tue 06 Dec 2022 04:19:00 PM UTC] default_acme_server
[Tue 06 Dec 2022 04:19:00 PM UTC] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Tue 06 Dec 2022 04:19:00 PM UTC] DOMAIN_PATH='/root/.acme.sh/electryfy.shop'
[Tue 06 Dec 2022 04:19:00 PM UTC] Le_NextRenewTime
[Tue 06 Dec 2022 04:19:00 PM UTC] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Tue 06 Dec 2022 04:19:00 PM UTC] _init api for server: https://acme.zerossl.com/v2/DV90
[Tue 06 Dec 2022 04:19:00 PM UTC] GET
[Tue 06 Dec 2022 04:19:00 PM UTC] url='https://acme.zerossl.com/v2/DV90'
[Tue 06 Dec 2022 04:19:00 PM UTC] timeout=
[Tue 06 Dec 2022 04:19:00 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue 06 Dec 2022 04:19:01 PM UTC] ret='0'
[Tue 06 Dec 2022 04:19:01 PM UTC] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Tue 06 Dec 2022 04:19:01 PM UTC] ACME_NEW_AUTHZ
[Tue 06 Dec 2022 04:19:01 PM UTC] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Tue 06 Dec 2022 04:19:01 PM UTC] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Tue 06 Dec 2022 04:19:01 PM UTC] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Tue 06 Dec 2022 04:19:01 PM UTC] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20221001_Certificate_Subscriber_Agreement_v_2_5_click.pdf'
[Tue 06 Dec 2022 04:19:01 PM UTC] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Tue 06 Dec 2022 04:19:01 PM UTC] Using CA: https://acme.zerossl.com/v2/DV90
[Tue 06 Dec 2022 04:19:01 PM UTC] _on_before_issue
[Tue 06 Dec 2022 04:19:01 PM UTC] _chk_main_domain='electryfy.shop'
[Tue 06 Dec 2022 04:19:01 PM UTC] _chk_alt_domains='www.electryfy.shop'
[Tue 06 Dec 2022 04:19:01 PM UTC] Le_LocalAddress
[Tue 06 Dec 2022 04:19:01 PM UTC] d='electryfy.shop'
[Tue 06 Dec 2022 04:19:01 PM UTC] Check for domain='electryfy.shop'
[Tue 06 Dec 2022 04:19:01 PM UTC] _currentRoot='/usr/local/lsws/Example/html'
[Tue 06 Dec 2022 04:19:01 PM UTC] d='www.electryfy.shop'
[Tue 06 Dec 2022 04:19:01 PM UTC] Check for domain='www.electryfy.shop'
[Tue 06 Dec 2022 04:19:01 PM UTC] _currentRoot='/usr/local/lsws/Example/html'
[Tue 06 Dec 2022 04:19:01 PM UTC] d
[Tue 06 Dec 2022 04:19:01 PM UTC] config file is empty, can not read CA_KEY_HASH
[Tue 06 Dec 2022 04:19:01 PM UTC] Using config home:/root/.acme.sh
[Tue 06 Dec 2022 04:19:01 PM UTC] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Tue 06 Dec 2022 04:19:01 PM UTC] _init api for server: https://acme.zerossl.com/v2/DV90
[Tue 06 Dec 2022 04:19:01 PM UTC] RSA key
[Tue 06 Dec 2022 04:19:01 PM UTC] config file is empty, can not read CA_EAB_KEY_ID
[Tue 06 Dec 2022 04:19:01 PM UTC] config file is empty, can not read CA_EAB_HMAC_KEY
[Tue 06 Dec 2022 04:19:01 PM UTC] config file is empty, can not read CA_EMAIL
[Tue 06 Dec 2022 04:19:01 PM UTC] No EAB credentials found for ZeroSSL, let's get one
[Tue 06 Dec 2022 04:19:01 PM UTC] ^[[1;32macme.sh is using ZeroSSL as default CA now.^[[0m
[Tue 06 Dec 2022 04:19:01 PM UTC] ^[[1;32mPlease update your account with an email address first.^[[0m
[Tue 06 Dec 2022 04:19:01 PM UTC] ^[[1;32macme.sh --register-account -m my@example.com^[[0m
[Tue 06 Dec 2022 04:19:01 PM UTC] See: ^[[1;32mhttps://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA^[[0m
[Tue 06 Dec 2022 04:19:01 PM UTC] _on_issue_err
[Tue 06 Dec 2022 04:19:01 PM UTC] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Tue 06 Dec 2022 04:19:01 PM UTC] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1f  31 Mar 2020
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.3 on Oct 26 2019 17:42:04
   running on Linux version #152-Ubuntu SMP Wed Nov 23 20:19:22 UTC 2022, release 5.4.0-135-generic, machine x86_64

RUn the command:

sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh) && wget -O - https://get.acme.sh | sh

okay wait it’s updating

while updating there’s an error:

Can't exec "/tmp/ca-certificates.config.wRIICn": Permission denied at /usr/share/perl/5.30/IPC/Open3.pm line 281.
open2: exec of /tmp/ca-certificates.config.wRIICn configure 20211016~20.04.1 failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.

but the installation hasn’t cancelled

Run the command to fix permissions:

wget https://gitlab.com/cyberpaneltoolsnscripts/cyberpanel-fixperms/raw/master/fixperms.sh && chmod +x fixperms.sh && sudo bash ./fixperms.sh -all

Edit reason: One liner is faster and neat

okay, thank you

Fixing perms for root:
------------------------
Fixing website files....
find: ‘/root/public_html’: No such file or directory
find: ‘/root/public_html’: No such file or directory
find: ‘/root/public_html’: No such file or directory
chown: cannot access '/root/public_html/.[^.]*': No such file or directory
chown: cannot access '/root/public_html/*': No such file or directory
Fixing public_html....
chown: cannot access '/root/public_html': No such file or directory
chmod: cannot access '/root/public_html': No such file or directory
Fixing logs....
chown: cannot access '/root/logs': No such file or directory
chmod: cannot access '/root/logs': No such file or directory
find: ‘/root/logs/*’: No such file or directory
Finished!
------------------------

EDIT: usermod: group ‘nobody’ does not exist
this is also an error when updating cyberpanel

Ignore. Try Self Signed cert on Let's encrypt cert - #8 by josephgodwinke and post screenshot

[Tue 06 Dec 2022 04:32:14 PM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/184676439877/0kCGUw'
[Tue 06 Dec 2022 04:32:14 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue 06 Dec 2022 04:32:15 PM UTC] _ret='0'
[Tue 06 Dec 2022 04:32:15 PM UTC] code='200'
[Tue 06 Dec 2022 04:32:15 PM UTC] trigger validation code: 200
[Tue 06 Dec 2022 04:32:15 PM UTC] Pending, The CA is processing your order, please just wait. (1/30)
[Tue 06 Dec 2022 04:32:15 PM UTC] sleep 2 secs to verify again
[Tue 06 Dec 2022 04:32:18 PM UTC] checking
[Tue 06 Dec 2022 04:32:18 PM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/184676439877/0kCGUw'
[Tue 06 Dec 2022 04:32:18 PM UTC] payload
[Tue 06 Dec 2022 04:32:18 PM UTC] POST
[Tue 06 Dec 2022 04:32:18 PM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/184676439877/0kCGUw'
[Tue 06 Dec 2022 04:32:18 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue 06 Dec 2022 04:32:18 PM UTC] _ret='0'
[Tue 06 Dec 2022 04:32:18 PM UTC] code='200'
[Tue 06 Dec 2022 04:32:18 PM UTC] electryfy.shop:Verify error:89.105.165.55: Invalid response from http://electryfy.shop/.well-known/acme-challenge/Uncv8iTR1mvA7iKXhsfkV9CrVDLbTmnvz0lnBRwvjKY: 404
[Tue 06 Dec 2022 04:32:18 PM UTC] Debug: get token url.
[Tue 06 Dec 2022 04:32:18 PM UTC] GET
[Tue 06 Dec 2022 04:32:18 PM UTC] url='http://electryfy.shop/.well-known/acme-challenge/Uncv8iTR1mvA7iKXhsfkV9CrVDLbTmnvz0lnBRwvjKY'
[Tue 06 Dec 2022 04:32:18 PM UTC] timeout=1
[Tue 06 Dec 2022 04:32:18 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'

there is a verify error

RUn the command as sudo user or root:

cd ~ && chmod / 755

and try again

COnfirm you have this for that domain

;; ANSWER SECTION:
www.electryfy.shop.     300     IN      CNAME   blutuat1.bounceme.net.
blutuat1.bounceme.net.  60      IN      A       89.105.165.55

I check your cname record, www should point to electryfy.shop not blutuat1.bounceme. net

Change default CA as letsenctypt and request ssl without www domain from cli only if www pointed to other webserver