CyberPanel Community

SSL certificate error

lu
lucas #1

Install the certificate correctly. You could only enter my certified website by searching for “https://freedomk.art” if you searched as “freedomk.art” or “www.freedomk.art” it opened as a non-secure site, that is, without certification. What I did was make a new rule and add these two lines of code that redirect the traffic from http to https.

RewriteCond %{SERVER_PORT} ^80$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

now the secure site does not open directly for me, not even searching for “https://freedomk.art” I mean, it always opens it without certification, but in the cyber panel it appears that I have more than 3700 days with the active certificate

30 replies
si
si668p #2

same here

NET::ERR_CERT_AUTHORITY_INVALID

si
si668p #4

i want to share results but cannot…this forum wont let me

jo
josephgodwinke #5

Take a screenshot and upload it here or just copy paste what you see

lu
luckyrajpurohit #6

The issued SSL is self-signed SSL. Run the SSL command with --debug option.
You can copy SSL command from /home/cyberpanel/something.log.

If you will have successfully issue an SSL restart the webserver by “service lsws restart” command otherwise check the reason of not accessing file written by SSL command

jo
josephgodwinke #8

Let’s remove the ssl certificate

$ rm -f /etc/letsencrypt/live/obrtnik.net/privkey.pem && rm -f /etc/letsencrypt/live/obrtnik.net/fullchain.pem

and reinstall it through CyberPanel:

  1. Go to https://SERVER_URL:8090/manageSSL/manageSSL
  2. Choose obrtnik.net
  3. Click on Issue SSL
si
si668p #9

removal does not work

jo
josephgodwinke #10

What is the error on your terminal

si
si668p #12

its on centos 7

jo
josephgodwinke #20

You need to remove private keys and certificates at the Virtual Host Level


Then you delete all private keys and certificates for respective website and hostname from server:

$ rm -f /etc/letsencrypt/live/obrtnik.net/privkey.pem && rm -f /etc/letsencrypt/live/obrtnik.net/fullchain.pem

$ rm -f /etc/letsencrypt/live/server.obrtnik.net/privkey.pem && rm -f /etc/letsencrypt/live/server.obrtnik.net/fullchain.pem

$ rm -f /etc/letsencrypt/live/mail.obrtnik.net/privkey.pem && rm -f /etc/letsencrypt/live/mail.obrtnik.net/fullchain.pem

Then resissue the CyberPanel way:

  1. Go to https://server.obrtnik.net:8090/manageSSL/sslForHostName
  2. Choose obrtnik.net
  3. Click on Issue SSL

do the same for hostname: https://server.obrtnik.net:8090/manageSSL/sslForHostName

si
si668p #21

no success

si
si668p #23

the same as before

si
si668p #26

[11.03.2022_18-15-35] /root/.acme.sh/acme.sh --issue -d obrtnik.net -d www.obrtnik.net --cert-file /etc/letsencrypt/live/obrtnik.net/cert.pem --key-file /etc/letsencrypt/live/obrtnik.net/privkey.pem --fullchain-file /etc/letsencrypt/live/obrtnik.net/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[11.03.2022_18-15-35] Failed to obtain SSL for: obrtnik.net and: www.obrtnik.net
[11.03.2022_18-15-35] Trying to obtain SSL for: obrtnik.net
[11.03.2022_18-15-43] Failed to obtain SSL, issuing self-signed SSL for: obrtnik.net
[11.03.2022_18-15-43] Self signed SSL issued for obrtnik.net.

si
si668p #27

2022-11-03 19:19:26.167978 [INFO] [60528] [Module:mod_security] setSecRule value: /usr/local/lsws/conf/modsec/rules.conf, type: 2
2022-11-03 19:19:26.168639 [INFO] [60528] [Module: modcompress 1.1] has been initialized successfully
2022-11-03 19:19:26.168768 [INFO] [60528] [Module: moddecompress 1.1] has been initialized successfully
2022-11-03 19:19:26.169087 [INFO] [60528] [Module: cache 1.64] has been initialized successfully
2022-11-03 19:19:26.169253 [INFO] [60528] [Module: mod_security mod_security 1.4] has been initialized successfully
2022-11-03 19:19:26.169311 [ERROR] [60528] Path for certificate file is invalid: /usr/local/lsws/admin/conf/webadmin.crt
2022-11-03 19:19:26.169336 [ERROR] [60528] [config:admin:listener] No listener is available for admin virtual host!
2022-11-03 19:19:26.169750 [ERROR] [60528] Fatal error in configuration, exit!

jo
josephgodwinke #29

After removing obrtnik.net domain ssl certificates completely from your server and reissuing via cyberpanel fails:

$ /root/.acme.sh/acme.sh --issue -d obrtnik.net --cert-file /etc/letsencrypt/live/obrtnik.net/cert.pem --key-file /etc/letsencrypt/live/obrtnik.net/privkey.pem --fullchain-file /etc/letsencrypt/live/obrtnik.net/fullchain.pem -w /usr/local/lsws/Example/html --force --debug
lu
luckyrajpurohit #30
  1. Create file anything.txt in /usr/local/Example/html/.well-known/acme-challenge/ and try to access it via yourdomain.com is available for purchase - Sedo.com
  2. If point 1 is working then run SSL command otherwise verify the vhost config context for the .well-known if not there create it or ask for context code

Note: the SSL verify file will not open in browser if site is using openlitespeed as proxy to other webserver with / path.

Try and let me know result :blush:

da
daniela #31

For the error NET:ERR_CERT_AUTHORITY_INVALID in web browsers indicates a problem with the website’s SSL certificate, meaning the browser can’t verify its authenticity. This typically suggests an issue with the certificate authority (CA), the expired certificate, or a mismatch between the domain and certificate. You shouldn’t get this issue unless you haven’t installed a certificate or are utilizing HTTP, which isn’t recommended for your website. There are many different ways to fix the error, which you need to understand in details.

I hope it helps!

Sign in to reply