SSL issuing fails with Python error "'ascii' codec can't decode byte 0xc3 - ordinal not in range(128)"

mathielo · March 2, 2023, 11:09am

Hello there!

My setup is running the latest version of CyberPanel in CentOS 7:

# From /base/versionManagment
Current Version:  2.3
Build:  3
Current Commit:  71d9109e5912efca917bc574e2207cb5b051b3d7

$ cat /etc/*release
CentOS Linux release 7.9.2009 (Core)

When trying to generate SSL Certificates for mathielo.com via Let’s Encrypt it always ends up with a self-signed certificate as the generation fails at some point apparently in the Python script:

[03.02.2023_10-39-25] Status Code: 200 for: http://www.mathielo.com/.well-known/acme-challenge/mathielo.com
[03.02.2023_10-39-25] Status Code: 200 for: http://mathielo.com/.well-known/acme-challenge/mathielo.com
[03.02.2023_10-39-27] 'ascii' codec can't decode byte 0xc3 in position 18796: ordinal not in range(128) [Failed to obtain SSL. [obtainSSLForADomain]]
[03.02.2023_10-39-27] Self signed SSL issued for mathielo.com.

I tried all suggestions from 1 to 4 in How to fix SSL issues in CyberPanel, but still the issue persists.

Then I tried the suggestion in the “Debugging from command line” section, and it worked! The cert was successfully generated, but not automatically applied to the website. However I still want to understand what’s causing the decoding error and fix it, since it is way more convenient being able to manage certs via the web interface - and also having the automated certificate regeneration.

When researching I found lots of possible issues and their solutions (such as the ones in the article above), but none regarding this specific error. Any clues as to what could be causing it?

josephgodwinke · March 2, 2023, 11:14am

Helo @mathielo

See if this will help Website SSL is self-signed after every month - #2 by josephgodwinke

mathielo · March 13, 2023, 10:44am

Thanks for the link - and sorry I didn’t reply sooner.

Following the proposed suggestion, logging into LiteSpeed, manually re-generating the certificates with /root/.acme.sh/acme.sh command and restarting LiteSpeed did the trick.

However I had to do the manual fix for each and every one of the websites hosted in the server - and will have to do again when it’s time to renew the certificates again.

I was hoping there would be a way to debug what’s going wrong in the python code that is supposed to auto generate and apply the SSL certificates via CyberPanel without the need of the extra manual steps for each website

josephgodwinke · March 13, 2023, 11:02am

Are you running the latest version of cyberpanel ?

mathielo · March 13, 2023, 11:06am

Yes, as mentioned in the OP everything is running at their latest versions I made sure to check before posting.

die2mrw007 · March 27, 2023, 5:57am

Are your domains behind cloudflare proxy by any chance? Have you tried turning off the orange cloud proxy icon for your domain and see if it successfully issues valid ssl?

mathielo · March 27, 2023, 7:54am

No, they are not behind CloudFlare

die2mrw007 · March 27, 2023, 8:45am

Just try to downgrade the python version on your server and see if that resolves it. It seems some unicode encoding issue.

There are major changes in python 2 and python 3…so maybe its failing.

Technically it needs to be fixed from cyberpanel side code once we confirm what exactly is triggering this issue. But as a workaround for now, you can try to downgrade if your server has python3 installed or upgrade to python3 if the server is having python2 installed.

I am currently using ubuntu 22 in production and there I didnt face this mentioned issue.