SSL on cyberpanel shown as insecure

Support and Discussion
1

My new install of cyberpanel thru Digital ocean always shows insecure even though the IP in the top of the sidebar menu shows in green. The Wordpress site that uses the domain name is also secure and the Certificate is showing as issued by organisation Lets Encrypt as expected.

I’ve gone through all recommended debugging in this article: How to fix SSL issues in CyberPanel - non seem to work for me; Cyberpanel still show as insecure in all browsers after clearing cache, restarting my droplet etc. I notice that the Certificate info shows:

Common Name (CN) webadmin
Organisation (O) LiteSpeedCommunity
Organisational Unit (OU) Testing
Common Name (CN) webadmin
Organisation (O) LiteSpeedCommunity
Organisational Unit (OU) Testing

I thought the certificate should be Lets Encrypt too?

I’m really anoob to VPS and cyberpanel and got this far following tutorials so this has stumped me for 2 days now - BTW is it normal that Ram Usage is 62% permanently? - any help appreciated

2

Welcome @enelee Happy you are here

Sorry for this you should have raised a topic here after a day. Install htop

apt install -y htop || yum install -y htop

Reboot your server and open htop using command htop and look out for memory usage indicated by Mem% and respective process e.g. see highlighted mysqld process in light blue


Post a screenshot of ssh terminal after doing the following:

  1. Running htop on putty/ssh client
  2. Waiting for 30 seconds

Possible solutions:

A. If you are using php

  1. Open SSH terminal using any client
  2. log in as a sudo user or root
  3. copy this command as is:
$ rm -rf /var/lib/lsphp/session/lsphp73; mkdir -p /var/lib/lsphp/session/lsphp73; chmod 1733 /var/lib/lsphp/session/lsphp73
$ rm -rf /var/lib/lsphp/session/lsphp74 && mkdir -p /var/lib/lsphp/session/lsphp74 && chmod 1733 /var/lib/lsphp/session/lsphp74
$ rm -rf /var/lib/lsphp/session/lsphp80 && mkdir -p /var/lib/lsphp/session/lsphp80 && chmod 1733 /var/lib/lsphp/session/lsphp80
$ rm -rf /var/lib/lsphp/session/lsphp81 && mkdir -p /var/lib/lsphp/session/lsphp81 && chmod 1733 /var/lib/lsphp/session/lsphp81

If this works then run this script to add a cronjob to remove php sessions:

sh <(curl https://raw.githubusercontent.com/josephgodwinkimani/cyberpanel-mods/main/cyberpanel_sessions_cronjob.sh || wget -O - https://raw.githubusercontent.com/josephgodwinkimani/cyberpanel-mods/main/cyberpanel_sessions_cronjob.sh)

B. if its high memory usage by mariadb

Run nano /etc/my.cnf and set

[mysqld]
user= mysql
pid-file= /var/lib/mysql/mysql.pid
socket= /var/lib/mysql/mysql.sock
port= 3306
datadir= /var/lib/mysql

open_files_limit=50000
max_allowed_packet=268435456

skip-name-resolve=1
innodb_buffer_pool_size=1G

innodb_log_file_size=256M
innodb_flush_method=O_DIRECT
innodb_io_capacity=1000
innodb_old_blocks_time=1000
innodb_open_files=5000

key_buffer_size=16M
read_buffer_size=256K
read_rnd_buffer_size=256K
query_cache_size=256M
query_cache_limit=5M
join_buffer_size=4M
sort_buffer_size=4M
max_heap_table_size=64M
tmp_table_size=64M
table_open_cache=4500
table_definition_cache=4000
thread_cache_size=50

Then make the following changes High Memory | High Ram - #2 by josephgodwinke

Check this out MariaDB / MySQL Tweaks As Default & Option

Basically run nano /etc/my.cnf use the keyboard shortcut CTRL+W to search for skip-name-resolve and comment it out. Restart mariadb systemctl restart mysqld

RUn

sh <(curl https://raw.githubusercontent.com/josephgodwinkimani/cyberpanel-mods/main/selfsigned_fixer.sh || wget -O - https://raw.githubusercontent.com/josephgodwinkimani/cyberpanel-mods/main/selfsigned_fixer.sh)

OR

Kindly follow the instructions as written here

Go to OLS WebAdmin Console of your server i.e https://SERVER_URL:7080 use admin and password you chose for CyberPanel admin panel

If you cannot log in. Using SSH Terminal run adminPass add new password

ols

Then you delete all private keys and certificates for respective website from server:

$ rm -f /etc/letsencrypt/live/apha.dk/privkey.pem && rm -f /etc/letsencrypt/live/apha.dk/fullchain.pem

Then run this command:

$ /root/.acme.sh/acme.sh --issue -d apha.dk -d www.apha.dk --cert-file /etc/letsencrypt/live/apha.dk/cert.pem --key-file /etc/letsencrypt/live/apha.dk/privkey.pem --fullchain-file /etc/letsencrypt/live/apha.dk/fullchain.pem -w /usr/local/lsws/Example/html --force --debug

Post screenshot of your terminal after above command

Go back to OLS and add the privatekey /etc/letsencrypt/live/apha.dk/privkey.pem and fullchain /etc/letsencrypt/live/apha.dk/fullchain.pem links to the vHost of the domain

ols

3

Hi @ josephgodwinke,
Ok Thanks for the detailed and thorough explanations. Before trying your help guide i had to address some issues with broken ssh in DO and eventually, since it was a new empty WP install i decided to tear the droplet down and try again from scratch.

I had some down time today and reinstalled everything and,boom! everything is better now ( i think the RAM issue was down to the package i chose so i upgraded to the $12 package. However the SSL problem persists so i ran the advice again from the article, “How to fix SSL issues in CyberPanel” and ran the debug script. It produced almost identical output as first time except for a bunch of ‘red’ error line aha! Apparently i’ve hit the, Duplicate Certificate limit of 5 per week with Lets Encrypt ( not surprised, i hit the ‘Issue SSL’ button over and over after trying each step of the ‘fixing’ process. I can happily wait the 7 days for the time-out to clear and ill try again.

Many thanks for your suggestions; ill keep them noted.