Does this fix the issue or ?
I mean, that would fix the issue, but that seems to be the cron job to renew SSL certs. I don’t think that will work long term as the certificates won’t renew any longer without the cron job. Right?
I would suggest enabling logging in the account.conf file, and also redirecting that cron output to a log file as well, perhaps /root/.acme.sh/acmecron.log as opposed to /dev/null to help isolate the problem.
It should not. The renewal service should only renew certificates that have expired. thats how acme.sh works.
Ofocurse future renewals wunt work. There is something wrong somewhere but its not acme.sh. If you check their github repo no one is complaining of such issues this looks like its isolated to our cyberpanel ecosystem. Am investigating this
1 Like
I can’t tell for now, so far no complaints. SSL active on all sites.
I am facing the same problem where several websites fail to renew SSL certificates every Sunday, and I have to manually reissue them. Last week, I deleted the following line from my crontab:
7 0 * * * “/root/.acme.sh”/acme.sh --cron --home “/root/.acme.sh” > /dev/null
However, the issue recurred today, and I’m not sure why. I executed the command as root and used the Vim tool to edit the crontab.
#crontab -e
My Ubuntu version is 22.04, and it was installed using Vultr’s CyberPanel one-click installation from the Marketplace.
Now, when I execute
#crontab -e
0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/findBWUsage.py >/dev/null 2>&1
0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py hourlyCleanup >/dev/null 2>&1
0 0 1 * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup >/dev/null 2>&1
0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/upgradeCritical.py >/dev/null 2>&1
0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/renew.py >/dev/null 2>&1
0 0 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py Daily
0 0 * * 0 /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py Weekly
*/30 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py ‘30 Minutes’
0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py ‘1 Hour’
0 */6 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py ‘6 Hours’
0 */12 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py ‘12 Hours’
0 1 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py ‘1 Day’
0 0 */3 * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py ‘3 Days’
0 0 * * 0 /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py ‘1 Week’
/3 * * * * if ! find /home//public_html/ -maxdepth 2 -type f -newer /usr/local/lsws/cgid -name ‘.htaccess’ -exec false {} +; then systemctl restart lsws; fi
09,39 * * * * /usr/local/CyberCP/bin/cleansessions >/dev/null 2>&1
~
Can someone give me some advice? or I have to install Ubuntu 20.04 is better? Many thanks !
This exactly what has happened to me today. It occurs every 2 weeks (Sundays from 00:00hrs GMT). I’m tired of manually renewing SSL certs every 2 weeks as I have over 150 sites in my VPS.
Hello @josephgodwinke, I just experienced same problem today: SSL certs got reverted to Self signed and I have to go through the stress of re issuing ssl certs manually for over 100 domains in my VPS this morning.
So it seems removing the cron task: 7 0 * * * “/root/.acme.sh”/acme.sh --cron --home “/root/.acme.sh” > /dev/null didn’t work.
What do you suggest I do?
Hello @JosephChuksT @liufunyu @packetdog
You need to remove these cronjobs:
## This checks and renews ssl for domains and child domains
0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/renew.py >/dev/null 2>&1
## This runs the shell script implementing ACME client protocol
7 0 * * * “/root/.acme.sh”/acme.sh --cron --home “/root/.acme.sh” > /dev/null
Ok, thank you very much.
Hopefully this works but I’ll know in 2 weeks time.
Thanks again!
Remove this line 0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/renew.py >/dev/null 2>&1 as suggested by @josephgodwinke
Thank you all very much, I will delete these two lines, and I will reissue SSL after 89 days manually …
Maybe it will be fixed at that time. ^_^"
## This checks and renews ssl for domains and child domains
0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/renew.py >/dev/null 2>&1
## This runs the shell script implementing ACME client protocol
7 0 * * * “/root/.acme.sh”/acme.sh --cron --home “/root/.acme.sh” > /dev/null
Oh, My!
It happened again today!
But I have been removed those two lines 5 days ago!
How about you guys?
I think I should change to Ubuntu20.04 & Cyberpanel 2.3.2 >___<
It happened again today!
Over 150 sites all reverts to self-signed.
This is becoming something else!
I have to be awake every Sunday at 00:00hours just to manually reissue the SSL certs whet they revert to self-signed else I get complaints from my clients.
I updated to the latest Cyberpanel and it seemed the two lines I deleted came back.
## This checks and renews ssl for domains and child domains
0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/renew.py >/dev/null 2>&1
## This runs the shell script implementing ACME client protocol
7 0 * * * “/root/.acme.sh”/acme.sh --cron --home “/root/.acme.sh” > /dev/null
I have removed them and also commented line 17 on /etc/cron.d/certbot
# 0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
Hope it works cos I’m tired of manually reissuing SSL every Sunday!
This happened AGAIN to me, and I did remove those lines from crontab. I really don’t have time to move all my sites, but I’m losing thousands because it keeps taking my stores offline… and this is making customers think “it’s a virus, don’t go there!” because of all the ssl warnings and such. What else could be causing this?
This is my crontab. Any ideas on what is reverting my certs back to self-signed?
0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/findBWUsage.py >/dev/null 2>&1
0 * * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py hourlyCleanup >/dev/null 2>&1
0 0 1 * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup >/dev/null 2>&1
0 2 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/plogical/upgradeCritical.py >/dev/null 2>&1
0 0 * * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py Daily
0 0 * * 0 /usr/local/CyberCP/bin/python /usr/local/CyberCP/IncBackups/IncScheduler.py Weekly
*/3 * * * * if ! find /home/*/public_html/ -maxdepth 2 -type f -newer /usr/local/lsws/cgid -name '.htaccess' -exec false {} +; then systemctl restart lsws; fi
09,39 * * * * /usr/local/CyberCP/bin/cleansessions >/dev/null 2>&1
Yup, we have an idea of why it’s happening. See here: [BUG] Self-Signed SSL Certs being Issued for Valid Domains due to Acme.sh Failure · Issue #1044 · usmannasir/cyberpanel · GitHub
Unfortunately I’m not a developer, I don’t know how to trace down how the changes from 2.3.2 to 2.3.3 are related.
If you haven’t already, please add your sentiments to the Github issue.
The best solution is, remove the code which is issuing self-signed SSL from cyberpanel repo. Which is useless.
If someone need self-signed SSL, he can generate it manually and add it via cyberpanel UI,
The same was suggested by me many time but developer need this feature even it’s creating lot of issues.
Also many times I found SSL renew automatically but web server not reloaded hence sites getting SSL expire error in browser.
until issue is fixed use bash script to renew multiple domain ssl at same time also validate existing ones and setup certbot to auto renew
This is very helpful. Thanks. /s
1 Like