SSL renewal error - redirect loop

I noticed on some of my domains I have a self-signed certificate instead of the regular SSL let’s encrypt.

I try to generate an SSL certificate through cyperpanel and it says “success” but it still shows as self-signed. I looked in the error logs and I get a message that there are too many redirects for the well-known / acme challenge

I first thought maybe this was a cloudflare thing, but disabling that did not fix the issue.

I then thought maybe there was a redirect in my .htaccess, but I am fairly certain I made sure it won’t redirect for those directories.

The only solution that worked was generating an SSL certificate separately and then manually adding the certificate in cyberpanel.

I can’t see doing this for multiple domains every 90 days. I’ve seen a few other posts with similar issues, but I’m not sure if they are the same actual issue or something else.

Any assistance would be greatly appreciated.

1 Like

Am I the only person still having this problem? I’ve seen other threads with similar issues, and it seems the only solution that worked was to delete the website and create it new. I’m assuming there is a better solution at this time.

2 Likes

I upgraded the version to 2.3.2 and I have the same problem. SSL does not renew. Does not give.

I’m using Amazon audio before the update, mail was working fine. Now when I press the send mail button, even the mail is not sent.

Terminal SS - Before-After email: https://community.cyberpanel.net/uploads/default/original/2X/f/f1240855187ea5646cd6e88143ff95de765706f8.jpeg

Sanappy mail SS: https://community.cyberpanel.net/uploads/default/original/2X/8/8967cdcbce2341442c6d05e535d84d93c16c0f3e.jpeg

I am now having issues with this on my hostname SSL - it was not able to renew with similar errors to my other domains (too many redirects) and so it is now a self-signed certificate, which shows as not private when I try to access cyberpanel.

I’ve gone through the troubleshooting steps (mod security is not enabled), I’ve disabled cloudflare for the domain, checked the vhosts file, and I still get the same too many redirects so it issues a self-signed certificate.

I am thinking this is my limit of troubleshooting and it’s time to move on to another control panel. I do use cloudflare, but I have it disabled for the domain and still get the same errors.

I do not want to re-install cyberpanel and reinstall all of the domains, unless someone has an easy tutorial on how to do this.

whatever you do, do not send any logs so we can diagnose the issue. We can just guess by reading you.

[08.04.2022_03-54-19] Status Code: Unkown for: http://www.subdomain.mydomain.com/.well-known/acme-challenge/subdomainmydomain.com. Error: HTTPConnectionPool(host=‘www.subdomain.mydomain.com’, port=80): Max retries exceeded with url: /.well-known/acme-challenge/subdomain.mydomain.com (Caused by NewConnectionError(‘<urllib3.connection.HTTPConnection object at 0x7f8ff031e670>: Failed to establish a new connection: [Errno -2] Name or service not known’))

[08.04.2022_03-54-19] Status Code: Unkown for: subdomain.mtdomain.com/.well-known/acme-challenge/subdomain.mydomain.com . Error: Exceeded 30 redirects.

[08.04.2022_03-54-20] /root/.acme.sh/acme.sh --issue -d subdomain.mydomain.com-d www.subdomain.mydomain.com --cert-file /etc/letsencrypt/live/subdomain.mydomain.com/cert.pem --key-file /etc/letsencrypt/live/subdomain.mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/subdomain.mydomain.com /fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt

[08.04.2022_03-54-20] Failed to obtain SSL for: subdomain.mydomain.com and: www.subdomain.mydomain.com

[08.04.2022_03-54-20] /root/.acme.sh/acme.sh --issue -d subdomain.mydomain.com --cert-file /etc/letsencrypt/live/subdomain.mydomain.com/cert.pem --key-file /etc/letsencrypt/live/subdomain.mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/subdomain.mydomain.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt

[08.04.2022_03-54-20] Failed to obtain SSL, issuing self-signed SSL for: subdomain.mydomain.com

[08.04.2022_03-54-20] {'email@subdomain.mydomain.com ‘: (554, b’5.7.1 email@subdomain.mydomain.com: Relay access denied’)}

[08.04.2022_03-54-20] Websites matching query does not exist. [installSSLForDomain:72]

[08.04.2022_03-54-20] Self signed SSL issued for subdomain.mydomain.com.

good, crying is for your friends, logs is for solving issues with strangers.

So, I’m trying to parse the complaining, I thought you were having issues with self-signed certificate for your cyberpanel, but now it’s subdomain? Where’s the issue exactly? Did you convert cyberpanel to a subdomain or something?

My cyberpanel is installed on a subdomain.

Ah well that’s important information, I guess @tmoore and @usmannasir always forget to mention this important step if you move your panel to a subdomain, but yeah the function to generate certificate for the panel not gonna magically guess you moved to a subdomain.

I think you’ll have to create a context for /.well-known/acme-challenge that points to /usr/local/lsws/Example/html/.well-known/acme-challenge for that subdomain because that’s where the challenges get written, or maybe change where challenges are written? Otherwise it’ll just redirect ( if your 404 are wrongly configured ) or 404 ( like my correct server ).

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
}

Then just make sure that subdomain.domain.com/.well-known/acme-challenge correctly point to that location in a browser.

Maybe others have better solutions.

Btw, all the endless redirects are misconfiguration you should fix.

There’s also an issue with cloudflare issued certificates, in that you need to manually copy them from your main domain to the subdomains, or else it messes up everything

I guess that makes sense.

Personally I reverse proxy the panel on a folder ( domain.com/cyberpanel ) so I never had any of those issues.

Anyway should probably fix it, I didn’t check the cloudfare certificate copy tho.

I always had cyberpanel in a subdomain - installed it using the vultr image. It initially created the ssl certificate through my encrypt without any issue.

Then I started getting these issues with renewing certificates on all domains (not subdomain). I manually created certificates for those sites and then added them in the cyoerpanel settings for each website.

Now it apparently was time to renew the hostname ssl and it failed with the above errors (similar to the errors I get for main domains - too many redirects).

I’ve tried troubleshooting the redirect error without any success. I can’t find any code anywhere that is redirecting for those locations, and I’ve even tried creating htaccess code to prevent redirects for those urls without success.

Obviously there is a redirect code somewhere but I don’t know how else to locate where else it would be if not in htaccess.

yeah that’s a very nice story.

Anyway, it’s not that there’s a redirect per-se, is that in your httpd.conf, or vhosts.conf, etc. I’m sure you have something like

errorpage 403 {
  url                     403.html
}

errorpage 404 {
  url                     404.html
}

errorpage 500 {
  url                     500.html
}

but you don’t have any 403.html, 404.html, 500.html so when it tries to redirect to it, can’t find it, making it redirect to 404.html, which doesn’t exist, etc. unlimited loops of redirects. So fix it ( by removing that, or by having a 404.html ).

Good suggestion - led me to a solution. Thanks.

In order to edit the vhost.conf I had to manually edit the file for the subdomain as I can not find a way to edit it directly through the cyberpanel interface. When I added the following to the end, and restarted the litespeed service, I was able to issue a Let’s Encrypt SSL certificate.

Similarly, if I add the below code to the vhost.conf for the regular domains, I can now get it to issue Let’s Encrypt certs.

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse             1

  rewrite  {

  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}