SSL renewed but not being served

I’m running CyberPanel 2.0 Build 3 with OpenLiteSpeed serving multiple sites.

First question: why are there two SSL renewal mechanisms? In root’s crontab, we see:

  • "/root/.acme.sh"/acme.sh runs at 12:07am to renew certs that are 60 days old.
  • /usr/local/CyberCP/plogical/renew.py runs at 2am to renew certs that expire in 15 days.

Second question: where are the hooks to restart OpenLiteSpeed after acme.sh renews a cert? I had a couple sites fail renewal on the first try but the certs were issued on subsequent attempts. However, OpenLiteSpeed is still serving the old certs, which will expire soon.

Each site has a .conf file e.g. /root/.acme.sh/mydomain.com/mydomain.com.conf. In all of them, the ReloadCmd is empty:

Le_ReloadCmd=''

I believe the crontab could use a --reloadcmd parameter, but it does not.

I know I can run “lswsctrl restart” manually, but isn’t it supposed to happen automatically when one or more certs renew?

Thanks,

Mark Berry

By default, CyberPanel will not reload/restart LiteSpeed/other related apps during auto-renew; it only reloads during the initial SSL install from CyberPanel. It seems they are handling it via a Python script, not via the acme reloadcmd method.

So you can do the following to issue an SSL; this will auto-renew the SSL as well as restart after a successful auto-renew:

/root/.acme.sh/acme.sh --issue -d your-domain-name -d www.your-domain-name --cert-file /etc/letsencrypt/live/your-domain-name/cert.pem --key-file /etc/letsencrypt/live/your-domain-name/privkey.pem --fullchain-file /etc/letsencrypt/live/your-domain-name/fullchain.pem -w /home/your-domain-name/public_html --reloadcmd 'systemctl reload openlitespeed' --force;

1 Like
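To see which domains are affected by the empty Le_ReloadCmd described in this thread, the following is an added example (not part of the original posts and not CyberPanel's or acme.sh's own code). It assumes the per-domain layout quoted in the question, /root/.acme.sh/<domain>/<domain>.conf; the function names and the sample domains in the demo are made up for illustration.

```shell
#!/bin/sh
# Added example: list acme.sh domains whose renewals will not reload the web server.
# Assumption: state files live at <acme_home>/<domain>/<domain>.conf, as in the post.

# Print the Le_ReloadCmd value of one conf file with surrounding quotes stripped.
# Prints nothing when the key is absent or empty.
reloadcmd_of() {
    sed -n "s/^Le_ReloadCmd=//p" "$1" | tail -n 1 | sed "s/^['\"]//; s/['\"]\$//"
}

# audit_reloadcmd <acme_home>
# Prints "NO_HOOK <domain>" or "HOOK <domain> <stored value>" for each domain.
# Returns 1 if at least one domain has no reload hook, 0 otherwise.
audit_reloadcmd() {
    acme_home=${1:-/root/.acme.sh}
    missing=0
    for conf in "$acme_home"/*/*.conf; do
        [ -f "$conf" ] || continue                     # glob matched nothing
        case "$conf" in *.csr.conf) continue ;; esac   # CSR config, not domain state
        domain=$(basename "$conf" .conf)
        # Any non-empty value counts as a hook (it may be stored in encoded form).
        cmd=$(reloadcmd_of "$conf")
        if [ -z "$cmd" ]; then
            echo "NO_HOOK $domain"
            missing=1
        else
            echo "HOOK $domain $cmd"
        fi
    done
    return "$missing"
}

# Demo on constructed conf files (sample data, not taken from a real server).
demo=$(mktemp -d)
mkdir -p "$demo/site-a.example" "$demo/site-b.example"
printf "Le_Domain='site-a.example'\nLe_ReloadCmd=''\n" \
    > "$demo/site-a.example/site-a.example.conf"
printf "Le_Domain='site-b.example'\nLe_ReloadCmd='systemctl reload openlitespeed'\n" \
    > "$demo/site-b.example/site-b.example.conf"
audit_reloadcmd "$demo" || echo "at least one domain has no reload hook"
rm -rf "$demo"
```

On a real server, run `audit_reloadcmd /root/.acme.sh` as root; every NO_HOOK domain will keep being served with its old certificate after renewal until the server is reloaded.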

Thanks for this info. I've been facing this issue for years with CyberPanel. It's one of my many frustrations with CP, but I've come to accept it.

I notice when I use this command now, I get the following output:
Warning: The unit file, source configuration file or drop-ins of openlitespeed.service changed on disk. Run 'systemctl daemon-reload' to reload units.

Do you have any idea what that's telling me? Does it mean LS is not reloading? Certainly the SSL certificate being served is still the wrong one (it's a self-signed cert, rather than the manually updated cert).

Have you recently upgraded OpenLiteSpeed?