Self-Signed Certificate after 2.3.3 Upgrade

Hello,

I’ve been using CyberPanel for around 9 months, and have all of the paid addon packs loaded. Everything has been fine, and as the version management tab shows updates are available, I take some time to update using the update script. I also update the Ubuntu Server (22.04 I believe) with all of the packages, and restart. I’ve done that at least 3 times prior to this time without issue. With the latest release I took the same steps as before and updated CyberPanel, and Ubuntu packages, and rebooted. Sites came up fine, so I thought I was good, until today. It looks like the sites all reverted to a self-signed certificate. I’m going through the process to issue new SSL certs for each, but I’m not sure why this happened, and I’m not sure if this will auto-renew. Does anyone have any ideas on what I should be checking?

Thanks,
-pd

Hello @packetdog, Happy New Year

We encourage you to start by looking through the forum for topics such as yours.

See this: Website SSL is self-signed after every month - #2 by josephgodwinke

Can you show me the vhost configurations?

FYI- Continuing this here: Failed to obtain SSL, issuing self-signed SSL for domain.tld - #8 by JosephChuksT

Thank you. But I have over 150 sites in my VPS.
After the recent revert of SSL certs to self-signed, I had to reissue SSL for all the sites one after the other manually.

I don’t know what causes the SSL certs to revert to self-signed after some time (2 weeks), but I have removed the cron job that runs at 12:00am: /tmp/crontab.yrbS1G/crontab

This line:
7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

Does this fix the issue or ?

I mean, that would fix the issue, but that seems to be the cron job to renew SSL certs. I don’t think that will work long term as the certificates won’t renew any longer without the cron job. Right?

I would suggest enabling logging in the account.conf file, and also redirecting that cron output to a log file as well, perhaps /root/.acme.sh/acmecron.log as opposed to /dev/null to help isolate the problem.

It should not. The renewal service should only renew certificates that have expired. That's how acme.sh works.

Of course future renewals won't work. There is something wrong somewhere, but it's not acme.sh. If you check their GitHub repo, no one is complaining of such issues; this looks like it's isolated to our CyberPanel ecosystem. I am investigating this.

I can’t tell for now, so far no complaints. SSL active on all sites.