Totally lost: Cyberpanel on VPS hosting website and trying to setup email accounts for this domain

CyberPanel: v2.3.1 OS: Centos 7

Hi, very much a beginner and feeling totally lost. I’ve been reading articles for two days straight but none the wiser.

Coming from shared hosting, I purchased VPS hosting and have set up a WordPress website under the domain intervalle-arts.com.

I’d like to create e-mails for this website so I checked the option “Create Website/Additional features/Create Mail Domain”. This created the domain mail.intervalle-arts.com. I then edited the DNS CNAME (map, step, etc.) and added an MX record to point to this domain. I also added a TXT record with spf. I checked DNS checker after repopulating and everything looks good.

I issued SSL records for both the main domain (intervalle-arts.com) and the child domain (mail.intervalle-arts.com) via let’s encrypt via Cyberpanel OS. Cyberpanel says SSL certs were issued and valid for 89 days.

I debugged via SSH for intervalle-arts.com and mail.intervalle-arts.com and both return that SSL records are issued and stored in their respective folders.

[Fri Dec 2 04:41:43 UTC 2022] Your cert is in: /root/.acme.sh/mail.intervalle-arts.com/mail.intervalle-arts.com.cer
[Fri Dec 2 04:41:43 UTC 2022] Your cert key is in: /root/.acme.sh/mail.intervalle-arts.com/mail.intervalle-arts.com.key
[Fri Dec 2 04:41:43 UTC 2022] The intermediate CA cert is in: /root/.acme.sh/mail.intervalle-arts.com/ca.cer
[Fri Dec 2 04:41:43 UTC 2022] And the full chain certs is there: /root/.acme.sh/mail.intervalle-arts.com/fullchain.cer
[Fri Dec 2 04:41:43 UTC 2022] Installing cert to: /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem
[Fri Dec 2 04:41:43 UTC 2022] Installing key to: /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem
[Fri Dec 2 04:41:43 UTC 2022] Installing full chain to: /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
[Fri Dec 2 04:41:43 UTC 2022] _on_issue_success

The problem is, if I try to send a mail, I get a message saying that the R3 SSL certificate for mail.intervalle-arts has expired. According to my mail client:

ISRG Root X1 OK
(middle) R3 OK
mail.intervalle-arts.com R3 EXPIRED

If I check with SSL shopper everything looks good:
intervalle-arts.com SSL Checker
mail.intervalle-arts.com SSL Checker

I am totally new to this and totally lost. Have I done something wrong? Is there an option in Cyberpanel I’m missing? Is the whole mail.intervalle-arts.com domain a crazy idea and shouldn’t work?

Edit: here is SSL LABS report: https://www.ssllabs.com/ssltest/analyze.html?d=intervalle-arts.com&hideResults=on it gets an “A” ranking.

Edit: I’m also getting the “this site is not private” message and “NET::ERR_CERT_COMMON_NAME_INVALID” when I try to log on to CP OS. This is even though I’m forcing https. Chrome says I have an R3 cert from Let’s Encrypt issued yesterday that expires in 2023. It also says this certificate is not valid.

Here is my cyberpanel LOG file

[12.01.2022_04-10-20] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-12-07] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-12-15] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-16-02] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-22-52] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-22-55] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-23-09] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_08-46-15] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_09-10-15] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_09-10-20] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_09-37-39] We had errors while creating DKIM record for: intervalle-arts.com. Error message: Command ‘[‘cat’, ‘/etc/opendkim/keys/intervalle-arts.com/default.txt’]’ returned non-zero exit status 1.
[12.01.2022_10-28-52] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.01.2022_10-28-52] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.01.2022_10-28-58] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.01.2022_10-28-58] Trying to obtain SSL for: mail.intervalle-arts.com
[12.01.2022_10-29-02] Successfully obtained SSL for: mail.intervalle-arts.com
[12.01.2022_10-29-02] Websites matching query does not exist. [installSSLForDomain:72]
[12.01.2022_10-29-36] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.01.2022_10-29-36] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.01.2022_10-29-42] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.01.2022_10-29-42] Trying to obtain SSL for: mail.intervalle-arts.com
[12.01.2022_10-29-47] Successfully obtained SSL for: mail.intervalle-arts.com
[12.01.2022_10-29-47] {‘[email protected]’: (554, b’5.7.1 [email protected]: Relay access denied’)}
[12.01.2022_10-29-47] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_00-00-04] [Errno 2] No such file or directory: ‘/home/cyberpanel/git’. [IncScheduler.git:90]
[12.02.2022_02-00-04] Running SSL Renew Utility
[12.02.2022_02-00-04] Checking SSL for intervalle-arts.com.
[12.02.2022_02-00-04] SSL exists for intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.02.2022_02-00-04] SSL exists for intervalle-arts.com and is not ready to renew, skipping…
[12.02.2022_02-00-04] Checking SSL for mail.intervalle-arts.com.
[12.02.2022_02-00-04] SSL exists for mail.intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.02.2022_02-00-04] SSL exists for mail.intervalle-arts.com and is not ready to renew, skipping…
[12.02.2022_04-20-05] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_04-20-05] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_04-20-11] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_04-20-11] Trying to obtain SSL for: mail.intervalle-arts.com
[12.02.2022_04-20-15] Successfully obtained SSL for: mail.intervalle-arts.com
[12.02.2022_04-20-16] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_05-39-13] https://api.github.com/repos/usmannasir/cyberpanel/commits?sha=v2.3.2
[12.02.2022_07-43-20] https://api.github.com/repos/usmannasir/cyberpanel/commits?sha=v2.3.2
[12.02.2022_08-21-57] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_08-21-57] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_08-22-02] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.02.2022_08-22-02] Trying to obtain SSL for: mail.intervalle-arts.com
[12.02.2022_08-22-04] Failed to obtain SSL, issuing self-signed SSL for: mail.intervalle-arts.com
[12.02.2022_08-22-04] Websites matching query does not exist. [installSSLForDomain:72]
[12.02.2022_08-22-05] Self signed SSL issued for mail.intervalle-arts.com.
[12.02.2022_08-23-45] Trying to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.02.2022_08-23-45] /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.02.2022_08-23-49] Successfully obtained SSL for: intervalle-arts.com and: www.intervalle-arts.com

Use the web URL below for testing mail SSL instead of a web SSL site tester.

Many thanks for the tip! I put my domain in and got these results:

[000.261] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve X25519 DHE(253 bits)
Certificate #1 of 4 (sent by MX): EXPIRED
Cert VALIDATION ERROR(S): certificate has expired
So email is encrypted but the recipient domain is not verified
ssl : scheme=smtp cert=94173779150800
: identity=mail.intervalle-arts.com cn=mail.intervalle-arts.com alt=2 mail.intervalle-arts.com
Cert Hostname VERIFIED (mail.intervalle-arts.com = mail.intervalle-arts.com | DNS:mail.intervalle-arts.com)
cert not revoked by OCSP
Data:
Version: 3 (0x2)
Serial Number: 04:4a:ac:b7:79:00:5e:60:63:5b:45:50:8a:09:05:b3:6c:a7
Validity:
Not Before: Jul 22 05:41:22 2022 GMT
Not After: Oct 20 05:41:21 2022 GMT
Subject:
commonName = mail.intervalle-arts.com
Issuer:
countryName = US
organizationName = Let’s Encrypt
commonName = R3
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public Key Bits: (256 bit)
Modulus:
40:39:A7:32:05:57:15:D8:DC:46:45:78:42:C9:89:10
CD:17:6D:E7:B5:5F:DD:C4:53:E2:4C:7B:9B:01:4F:87
92:55:4B:17:21:81:D0:77:7E:3D:A4:7D:7F:FC:1E:1E
AE:21:D6:9D:AC:AD:96:5E:F4:51:CA:12:19:56:04:40
0
Exponent: n/a

So, the cert is out of date despite having reissued it multiple times. There are definitely issues with SSLs issued for mail.intervalle-arts.com (see above) but also the “host”, as every time I log on to CyberPanel via https I’m told the connection is not private.

Edit: I tried turning mod security but it made no difference to the SSL cert being invalid. If I try to log on through https I get the message “Your connection is not private”. I’ve recently issued multiple SSLs via CyberPanel for “website”, “host”, and “mail server”.

Edit: here are my cyberpanel logs:

[12.03.2022_00-00-03] [Errno 2] No such file or directory: ‘/home/cyberpanel/git’. [IncScheduler.git:90]
[12.03.2022_02-00-03] Running SSL Renew Utility
[12.03.2022_02-00-03] Checking SSL for intervalle-arts.com.
[12.03.2022_02-00-03] SSL exists for intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.03.2022_02-00-03] SSL exists for intervalle-arts.com and is not ready to renew, skipping…
[12.03.2022_02-00-03] Checking SSL for mail.intervalle-arts.com.
[12.03.2022_02-00-03] SSL exists for mail.intervalle-arts.com. Checking if SSL will expire in 15 days…
[12.03.2022_02-00-03] SSL exists for mail.intervalle-arts.com and is not ready to renew, skipping…
[12.03.2022_04-23-55] Trying to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_04-23-55] /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.03.2022_04-23-59] Successfully obtained SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_04-27-16] Trying to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.03.2022_04-27-16] /root/.acme.sh/acme.sh --issue -d mail.intervalle-arts.com -d www.mail.intervalle-arts.com --cert-file /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.03.2022_04-27-22] Failed to obtain SSL for: mail.intervalle-arts.com and: www.mail.intervalle-arts.com
[12.03.2022_04-27-22] Trying to obtain SSL for: mail.intervalle-arts.com
[12.03.2022_04-27-23] Failed to obtain SSL, issuing self-signed SSL for: mail.intervalle-arts.com
[12.03.2022_04-27-23] Websites matching query does not exist. [installSSLForDomain:72]
[12.03.2022_04-27-23] Self signed SSL issued for mail.intervalle-arts.com.
[12.03.2022_04-28-07] Trying to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_04-28-07] /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[12.03.2022_04-28-09] Failed to obtain SSL for: intervalle-arts.com and: www.intervalle-arts.com
[12.03.2022_04-28-09] Trying to obtain SSL for: intervalle-arts.com
[12.03.2022_04-28-12] Successfully obtained SSL for: intervalle-arts.com

Here are my DNS records just in case they might help:

A www 0 93.188.165.29 14400
CNAME smtp 0 mail.intervalle-arts.com 14400
CNAME ftp 0 intervalle-arts.com 14400
CNAME pop 0 mail.intervalle-arts.com 14400
CNAME imap 0 mail.intervalle-arts.com 14400
A mail 0 93.188.165.29 14400
A ns2 0 93.188.165.29 14400
A ns1 0 93.188.165.29 14400
AAAA @ 0 2a02:4780:1:1::1:86ad 14400
TXT @ 0 google-site-verification=JNEY-bL9Ar7W3Nohe4P1p9CjZ9MgQod1x5ASb7d-zBU 14400
TXT @ 0 v=spf1 a mx ip4:93.188.165.29 ~all 14400
MX @ 10 mail.intervalle-arts.com 14400
NS @ 0 ns1.dns-parking.com 14400
NS @ 0 ns2.dns-parking.com 14400
A @ 0 93.188.165.29 14400

CyberPanel has one big problem: it uses force SSL renew even when the current SSL is valid. In a previous SSL renew request, CyberPanel replaced the SSL file with a self-signed SSL.
Restore the previous SSL files backup from root/.acme.sh/lookforfolder to the actual path.
Also open the postfix config file and add/correct the SSL path.
Restart all services or restart the server.
I can’t explain each point.
If you have a little experience with Linux you will succeed.

1 Like

Hi, thanks for taking a look and for the advice. I’ll be honest, I have very little experience with Linux, but I’ll spend today researching what you advised and will try my best to solve the issue.

Edit: ran

/root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt

And got:

[Sun Dec 4 07:16:36 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 07:16:36 UTC 2022] Multi domain=‘DNS:intervalle-arts.com,DNS:www.intervalle-arts.com’
[Sun Dec 4 07:16:36 UTC 2022] Getting domain auth token for each domain
[Sun Dec 4 07:16:37 UTC 2022] Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: intervalle-arts.com,www.intervalle-arts.com, retry after 2022-12-04T12:59:58Z: see Duplicate Certificate Limit - Let's Encrypt”,
“status”: 429

  1. So the SSL autorenewal run by Cyberpanel has caused Let’s Encrypt to stop issuing certs. I can’t find a button to turn it off. How do I deactivate it? Is there any way around the one week wait until I can issue an SSL cert ?

I have a couple of further questions (@josephgodwinke, perhaps you may be able to help):

  1. Is this something Cyberpanel devs are aware of and have a workaround for? It has definitely increased the learning curve for Cyberpanel and VPS newbies like myself!

  2. So, both intervalle-arts.com and my mail server mail.intervalle-arts.com have self-signed SSLs, is the resolution the same for both? My mails are bouncing and every time I log onto Cyberpanel I get the “this server is not private” message.

  3. Even if I resolve the auto-renew issue, am I going to have to play guessing games and applying fixes every time an SSL cert expires? I’d like to eventually use this domain for work and having client-facing e-mail addresses and websites stop responding is… well, not really a sustainable model.

Many thanks

Hello @Rofocale Happy you are here

Let’s go step by step. First, disassociate CyberPanel from Let’s Encrypt; this will help you solve any SSL issue.

The first issue, as quoted above, means the Let’s Encrypt rate limiting feature is in effect. I believe at some point it was 5 issuances every week. Therefore we can see that CyberPanel has failed to reissue SSL several times, but we don’t know why.

To investigate, let’s use the command line: https://community.cyberpanel.net/docs?category=51&topic=90#debugging-with-command-line-6

Here is the command

Kindly post the results here

Have you also checked how many certificates you have in ls /etc/letsencrypt/live/? Look for the folders intervalle-arts.com and mail.intervalle-arts.com

and in nano /etc/dovecot/dovecot.conf look for a line of this nature

local_name mail.intervalle-arts.com {
        ssl_cert = </etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
        ssl_key = </etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem
}

The above steps will help us understand what the issue is.

1 Like
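
A way to pull the pattern discussed in this thread out of a CyberPanel log, as an added example (not code from CyberPanel or from any poster): it counts successful issuances per exact name set against the 5-per-168-hours limit quoted in the Let's Encrypt error above, and flags self-signed fallbacks and name sets that never validate. The log lines are constructed in the format posted above; the function names, the sliding-window model and the example.org names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Limit and window as quoted in the Let's Encrypt error posted in the thread:
# "too many certificates (5) already issued for this exact set of domains
#  in the last 168 hours". Modelled here as a sliding window (assumption).
DUPLICATE_LIMIT = 5
WINDOW = timedelta(hours=168)

# CyberPanel log line: [MM.DD.YYYY_HH-MM-SS] message
LINE_RE = re.compile(r"^\[(\d{2}\.\d{2}\.\d{4}_\d{2}-\d{2}-\d{2})\]\s+(.*)$")
PATTERNS = (
    ("issued", re.compile(r"^Successfully obtained SSL for: (\S+?)(?: and: (\S+))?$")),
    ("failed", re.compile(r"^Failed to obtain SSL for: (\S+?)(?: and: (\S+))?$")),
    ("self_signed", re.compile(r"^Failed to obtain SSL, issuing self-signed SSL for: (\S+)$")),
)

# Constructed sample in the format of the log posted in the thread.
SAMPLE_LOG = """\
[11.28.2022_09-00-00] Successfully obtained SSL for: example.org and: www.example.org
[11.29.2022_09-00-00] Successfully obtained SSL for: example.org and: www.example.org
[11.30.2022_09-00-00] Successfully obtained SSL for: example.org and: www.example.org
[12.01.2022_09-00-00] Successfully obtained SSL for: example.org and: www.example.org
[12.01.2022_10-28-58] Failed to obtain SSL for: mail.example.org and: www.mail.example.org
[12.01.2022_10-29-02] Successfully obtained SSL for: mail.example.org
[12.02.2022_08-22-02] Failed to obtain SSL for: mail.example.org and: www.mail.example.org
[12.02.2022_08-22-04] Failed to obtain SSL, issuing self-signed SSL for: mail.example.org
[12.02.2022_08-22-05] Self signed SSL issued for mail.example.org.
[12.02.2022_08-23-49] Successfully obtained SSL for: example.org and: www.example.org
"""


def parse(lines):
    """Yield (timestamp, kind, frozenset of names) for issuance-related lines."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        ts = datetime.strptime(m.group(1), "%m.%d.%Y_%H-%M-%S")
        for kind, rx in PATTERNS:
            hit = rx.match(m.group(2))
            if hit:
                yield ts, kind, frozenset(n.lower() for n in hit.groups() if n)
                break


def analyse(lines):
    """Return findings as (timestamp, finding, name set, retry_after or None)."""
    issued = defaultdict(list)   # name set -> issuance times still inside the window
    failures = {}                # name set -> (failure count, time of last failure)
    findings = []
    for ts, kind, names in parse(lines):
        label = ",".join(sorted(names))
        if kind == "issued":
            recent = [t for t in issued[names] if ts - t < WINDOW] + [ts]
            issued[names] = recent
            if len(recent) >= DUPLICATE_LIMIT:
                # Further orders for this exact set are refused until the
                # oldest issuance in the window ages out.
                findings.append((ts, "rate_limit_reached", label, recent[0] + WINDOW))
        elif kind == "failed":
            count, _ = failures.get(names, (0, None))
            failures[names] = (count + 1, ts)
        elif kind == "self_signed":
            # The panel overwrote the served certificate with a self-signed one.
            findings.append((ts, "self_signed_fallback", label, None))
    # A name set that fails repeatedly and never succeeds points at a name
    # that cannot be validated (for example, one with no DNS record).
    for names, (count, last) in failures.items():
        if count >= 2 and not issued.get(names):
            findings.append((last, "never_validates", ",".join(sorted(names)), None))
    return findings


if __name__ == "__main__":
    for ts, finding, label, retry_after in analyse(SAMPLE_LOG.splitlines()):
        extra = f" (retry after {retry_after})" if retry_after else ""
        print(f"{ts}  {finding:22s} {label}{extra}")
```
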

Hi, @josephgodwinke

Many, many thanks for the reply!

Here are the results from the command:

[Sun Dec 4 10:04:04 UTC 2022] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] Lets find script dir.
[Sun Dec 4 10:04:04 UTC 2022] SCRIPT=‘/root/.acme.sh/acme.sh’
[Sun Dec 4 10:04:04 UTC 2022] _script=‘/root/.acme.sh/acme.sh’
[Sun Dec 4 10:04:04 UTC 2022] _script_home=‘/root/.acme.sh’
[Sun Dec 4 10:04:04 UTC 2022] Using config home:/root/.acme.sh
GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
v3.0.5
[Sun Dec 4 10:04:04 UTC 2022] Using server: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] Running cmd: issue
[Sun Dec 4 10:04:04 UTC 2022] _main_domain=‘mail.intervalle-arts.com
[Sun Dec 4 10:04:04 UTC 2022] _alt_domains=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:04 UTC 2022] Using config home:/root/.acme.sh
[Sun Dec 4 10:04:04 UTC 2022] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] DOMAIN_PATH=‘/root/.acme.sh/mail.intervalle-arts.com_ecc’
[Sun Dec 4 10:04:04 UTC 2022] Le_NextRenewTime=‘1675052415’
[Sun Dec 4 10:04:04 UTC 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] GET
[Sun Dec 4 10:04:04 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:04 UTC 2022] timeout=
[Sun Dec 4 10:04:04 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:04 UTC 2022] ret=‘0’
[Sun Dec 4 10:04:04 UTC 2022] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change
[Sun Dec 4 10:04:04 UTC 2022] ACME_NEW_AUTHZ
[Sun Dec 4 10:04:04 UTC 2022] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Sun Dec 4 10:04:04 UTC 2022] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct
[Sun Dec 4 10:04:04 UTC 2022] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert
[Sun Dec 4 10:04:04 UTC 2022] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
[Sun Dec 4 10:04:04 UTC 2022] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Sun Dec 4 10:04:05 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Dec 4 10:04:05 UTC 2022] _on_before_issue
[Sun Dec 4 10:04:05 UTC 2022] _chk_main_domain=‘mail.intervalle-arts.com
[Sun Dec 4 10:04:05 UTC 2022] _chk_alt_domains=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:05 UTC 2022] Le_LocalAddress
[Sun Dec 4 10:04:05 UTC 2022] d=‘mail.intervalle-arts.com
[Sun Dec 4 10:04:05 UTC 2022] Check for domain=‘mail.intervalle-arts.com
[Sun Dec 4 10:04:05 UTC 2022] _currentRoot=’/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:05 UTC 2022] d=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:05 UTC 2022] Check for domain=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:05 UTC 2022] _currentRoot=‘/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:05 UTC 2022] d
[Sun Dec 4 10:04:05 UTC 2022] _saved_account_key_hash is not changed, skip register account.
[Sun Dec 4 10:04:05 UTC 2022] Read key length:ec-256
[Sun Dec 4 10:04:05 UTC 2022] _createcsr
[Sun Dec 4 10:04:05 UTC 2022] Multi domain=‘DNS:mail.intervalle-arts.com,DNS:www.mail.intervalle-arts.com’
[Sun Dec 4 10:04:05 UTC 2022] Getting domain auth token for each domain
[Sun Dec 4 10:04:05 UTC 2022] d=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:05 UTC 2022] d
[Sun Dec 4 10:04:05 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Sun Dec 4 10:04:05 UTC 2022] payload=‘{“identifiers”: [{“type”:“dns”,“value”:“mail.intervalle-arts.com”},{“type”:“dns”,“value”:“www.mail.intervalle-arts.com”}]}’
[Sun Dec 4 10:04:05 UTC 2022] RSA key
[Sun Dec 4 10:04:05 UTC 2022] HEAD
[Sun Dec 4 10:04:05 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Sun Dec 4 10:04:05 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g -I ’
[Sun Dec 4 10:04:05 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:05 UTC 2022] POST
[Sun Dec 4 10:04:05 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Sun Dec 4 10:04:05 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:06 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:06 UTC 2022] code=‘201’
[Sun Dec 4 10:04:06 UTC 2022] Le_LinkOrder=‘https://acme-v02.api.letsencrypt.org/acme/order/472180880/150223890647
[Sun Dec 4 10:04:06 UTC 2022] Le_OrderFinalize=‘https://acme-v02.api.letsencrypt.org/acme/finalize/472180880/150223890647
[Sun Dec 4 10:04:06 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/182492963977
[Sun Dec 4 10:04:06 UTC 2022] payload
[Sun Dec 4 10:04:06 UTC 2022] POST
[Sun Dec 4 10:04:06 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/182492963977
[Sun Dec 4 10:04:06 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:06 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:06 UTC 2022] code=‘200’
[Sun Dec 4 10:04:06 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/183791521697
[Sun Dec 4 10:04:06 UTC 2022] payload
[Sun Dec 4 10:04:06 UTC 2022] POST
[Sun Dec 4 10:04:06 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/183791521697
[Sun Dec 4 10:04:06 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:06 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:06 UTC 2022] code=‘200’
[Sun Dec 4 10:04:06 UTC 2022] d=‘mail.intervalle-arts.com
[Sun Dec 4 10:04:06 UTC 2022] Getting webroot for domain=‘mail.intervalle-arts.com
[Sun Dec 4 10:04:06 UTC 2022] _w=’/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] _currentRoot=’/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] entry=‘“type”:“http-01”,“status”:“valid”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ",“token”:“h5IBBtMxk-_yOOk6WOn9idg6H6cGscotHubi7AZfduY”,“validationRecord”:[{“url”:“http://mail.intervalle-arts.com/.well-known/acme-challenge/h5IBBtMxk-_yOOk6WOn9idg6H6cGscotHubi7AZfduY”,“hostname”:“mail.intervalle-arts.com”,“port”:“80”,“addressesResolved”:[“93.188.165.29”],“addressUsed”:"93.188.165.29”’
[Sun Dec 4 10:04:06 UTC 2022] token=‘h5IBBtMxk-_yOOk6WOn9idg6H6cGscotHubi7AZfduY’
[Sun Dec 4 10:04:06 UTC 2022] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ
[Sun Dec 4 10:04:06 UTC 2022] keyauthorization=‘h5IBBtMxk-_yOOk6WOn9idg6H6cGscotHubi7AZfduY.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M’
[Sun Dec 4 10:04:06 UTC 2022] mail.intervalle-arts.com is already verified.
[Sun Dec 4 10:04:06 UTC 2022] keyauthorization=‘verified_ok’
[Sun Dec 4 10:04:06 UTC 2022] dvlist=‘mail.intervalle-arts.com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ#http-01#/usr/local/lsws/Example/html
[Sun Dec 4 10:04:06 UTC 2022] d=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:06 UTC 2022] Getting webroot for domain=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:06 UTC 2022] _w=‘/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] _currentRoot=‘/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:06 UTC 2022] entry=‘“type”:“http-01”,“status”:“pending”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw",“token”:"EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk”’
[Sun Dec 4 10:04:06 UTC 2022] token=‘EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk’
[Sun Dec 4 10:04:06 UTC 2022] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw
[Sun Dec 4 10:04:06 UTC 2022] keyauthorization=‘EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M’
[Sun Dec 4 10:04:06 UTC 2022] dvlist=‘www.mail.intervalle-arts.com#EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M#https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw#http-01#/usr/local/lsws/Example/html
[Sun Dec 4 10:04:06 UTC 2022] d
[Sun Dec 4 10:04:06 UTC 2022] vlist=‘mail.intervalle-arts.com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ#http-01#/usr/local/lsws/Example/html,www.mail.intervalle-arts.com#EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M#https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw#http-01#/usr/local/lsws/Example/html,
[Sun Dec 4 10:04:06 UTC 2022] d=‘mail.intervalle-arts.com
[Sun Dec 4 10:04:06 UTC 2022] mail.intervalle-arts.com is already verified, skip http-01.
[Sun Dec 4 10:04:07 UTC 2022] d=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:07 UTC 2022] ok, let’s start to verify
[Sun Dec 4 10:04:07 UTC 2022] mail.intervalle-arts.com is already verified, skip http-01.
[Sun Dec 4 10:04:07 UTC 2022] Verifying: www.mail.intervalle-arts.com
[Sun Dec 4 10:04:07 UTC 2022] d=‘www.mail.intervalle-arts.com
[Sun Dec 4 10:04:07 UTC 2022] keyauthorization=‘EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk.iAHgY0gZ1v7PEclVdnPgVN0-cIxDLzywb2T8yl7Gf3M’
[Sun Dec 4 10:04:07 UTC 2022] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw
[Sun Dec 4 10:04:07 UTC 2022] _currentRoot=‘/usr/local/lsws/Example/html’
[Sun Dec 4 10:04:07 UTC 2022] wellknown_path=‘/usr/local/lsws/Example/html/.well-known/acme-challenge’
[Sun Dec 4 10:04:07 UTC 2022] writing token:EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk to /usr/local/lsws/Example/html/.well-known/acme-challenge/EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk
[Sun Dec 4 10:04:07 UTC 2022] Changing owner/group of .well-known to root:root
[Sun Dec 4 10:04:07 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw
[Sun Dec 4 10:04:07 UTC 2022] payload=‘{}’
[Sun Dec 4 10:04:07 UTC 2022] POST
[Sun Dec 4 10:04:07 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw
[Sun Dec 4 10:04:07 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:07 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:07 UTC 2022] code=‘200’
[Sun Dec 4 10:04:07 UTC 2022] trigger validation code: 200
[Sun Dec 4 10:04:07 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Dec 4 10:04:07 UTC 2022] sleep 2 secs to verify again
[Sun Dec 4 10:04:10 UTC 2022] checking
[Sun Dec 4 10:04:10 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw
[Sun Dec 4 10:04:10 UTC 2022] payload
[Sun Dec 4 10:04:10 UTC 2022] POST
[Sun Dec 4 10:04:10 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw
[Sun Dec 4 10:04:10 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:10 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:10 UTC 2022] code=‘200’
[Sun Dec 4 10:04:10 UTC 2022] www.mail.intervalle-arts.com:Verify error:DNS problem: NXDOMAIN looking up A for www.mail.intervalle-arts.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.mail.intervalle-arts.com - check that a DNS record exists for this domain
[Sun Dec 4 10:04:10 UTC 2022] Debug: get token url.
[Sun Dec 4 10:04:10 UTC 2022] GET
[Sun Dec 4 10:04:10 UTC 2022] url=‘http://www.mail.intervalle-arts.com/.well-known/acme-challenge/EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk
[Sun Dec 4 10:04:10 UTC 2022] timeout=1
[Sun Dec 4 10:04:10 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1’
[Sun Dec 4 10:04:11 UTC 2022] Please refer to libcurl - Error Codes for error code: 6
[Sun Dec 4 10:04:11 UTC 2022] ret=‘6’
[Sun Dec 4 10:04:11 UTC 2022] Debugging, skip removing: /usr/local/lsws/Example/html/.well-known/acme-challenge/EBwWoguz0uFQB3UlD8J2QADo6CklLicS8G_JFUKHejk
[Sun Dec 4 10:04:11 UTC 2022] pid
[Sun Dec 4 10:04:11 UTC 2022] No need to restore nginx, skip.
[Sun Dec 4 10:04:11 UTC 2022] _clearupdns
[Sun Dec 4 10:04:11 UTC 2022] dns_entries
[Sun Dec 4 10:04:11 UTC 2022] skip dns.
[Sun Dec 4 10:04:11 UTC 2022] _on_issue_err
[Sun Dec 4 10:04:11 UTC 2022] Please add ‘–debug’ or ‘–log’ to check more details.
[Sun Dec 4 10:04:11 UTC 2022] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
[Sun Dec 4 10:04:11 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ
[Sun Dec 4 10:04:11 UTC 2022] payload=’{}’
[Sun Dec 4 10:04:11 UTC 2022] POST
[Sun Dec 4 10:04:11 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/182492963977/P7ULaQ
[Sun Dec 4 10:04:11 UTC 2022] _CURL=‘curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:11 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:11 UTC 2022] code=‘200’
[Sun Dec 4 10:04:11 UTC 2022] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw
[Sun Dec 4 10:04:11 UTC 2022] payload=’{}’
[Sun Dec 4 10:04:11 UTC 2022] POST
[Sun Dec 4 10:04:11 UTC 2022] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/183791521697/hcGzhw
[Sun Dec 4 10:04:11 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ’
[Sun Dec 4 10:04:11 UTC 2022] _ret=‘0’
[Sun Dec 4 10:04:11 UTC 2022] code=‘400’
[Sun Dec 4 10:04:11 UTC 2022] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2k-fips 26 Jan 2017
apache:
apache doesn’t exist.
nginx:
nginx doesn’t exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.2 on Jun 23 2017 10:19:11
running on Linux version #1 SMP Tue Jan 25 12:49:12 MSK 2022, release 3.10.0, machine x86_64
You have new mail in /var/spool/mail/root

Next, the contents of the live/ folder

[root@taro ~]# ls /etc/letsencrypt/live/
Nihon-noir.com mail.Nihon-noir.com mail.nihon-noir.com
intervalle-arts.com mail.intervalle-arts.com nihon-noir.com
[root@taro ~]#

I also found this in dovecot.conf

local_name mail.intervalle-arts.com {
ssl_cert = </etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem
}
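Added example, not part of the original posts: a small triage of an acme.sh log like the one above, which pulls out the names that validated, the names that failed (and whether the cause was NXDOMAIN), and any rate-limit retry time. The log lines in `sample_log` are constructed on the pattern of this thread's output, with `example.test` names as placeholders.

```shell
#!/bin/sh
# Summarise an acme.sh log: names that validated, names that failed, rate limits.
acme_triage() {
    # Reads the log from the files given as arguments, or from stdin.
    awk '
    / is already verified, skip / {
        line = substr($0, index($0, "] ") + 2)   # drop the [timestamp] prefix
        split(line, w, " ")
        if (!(w[1] in seen)) { seen[w[1]] = 1; print "VERIFIED " w[1] }
    }
    /:Verify error:/ {
        line = substr($0, index($0, "] ") + 2)
        name = line
        sub(/:Verify error:.*/, "", name)        # keep only the failing name
        reason = (line ~ /NXDOMAIN/) ? "NXDOMAIN" : "OTHER"
        print "VERIFY_FAIL " name " " reason
    }
    match($0, /retry after [0-9]+-[0-9]+-[0-9]+T[0-9:]+Z/) {
        # 12 is the length of "retry after "
        print "RATE_LIMITED retry_after=" substr($0, RSTART + 12, RLENGTH - 12)
    }
    ' "$@"
}

sample_log() {
    # Constructed log lines (placeholder domain), same shape as acme.sh output.
    cat <<'EOF'
[Sun Dec 4 10:04:06 UTC 2022] mail.example.test is already verified, skip http-01.
[Sun Dec 4 10:04:07 UTC 2022] mail.example.test is already verified, skip http-01.
[Sun Dec 4 10:04:10 UTC 2022] www.mail.example.test:Verify error:DNS problem: NXDOMAIN looking up A for www.mail.example.test - check that a DNS record exists for this domain
[Sun Dec 4 11:56:58 UTC 2022] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: example.test,www.example.test, retry after 2022-12-04T12:59:58Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
"status": 429
}
EOF
}

sample_log | acme_triage
```

A `VERIFY_FAIL ... NXDOMAIN` line for one name alongside `VERIFIED` for another means the order failed because of a single name on the `-d` list that has no DNS record, not because of the name that validated.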

Here is the issue: a DNS problem for mail.intervalle-arts.com. Does this record appear in your CyberPanel DNS records? Navigate to → https://SERVER_URL:8090/dns/addDeleteDNSRecords; if not, create it.

Your DNS records are ok as reported here DNS Lookup - Check All DNS Records for Any Domain

Thanks! My DNS records are actually set in my Hostinger domain panel. There is an AAAA record for the IPv6 address (@) for the server. I’ve checked in CyberPanel and there are also a number of entries in there too, but no AAAA record. Do I need one for mail.intervalle-arts.com? Also, should I delete all the CyberPanel DNS entries as I’m using the Hostinger nameservers? There’s like a double dozen TXT records all saying the same three things.

CyberPanel generates duplicate records when you do particular actions on CyberPanel that generate DNS records.

Do not delete the records on CyberPanel; just delete the duplicates.

From what you have presented I do not believe there is an issue with your DNS records at all.

The next course of action is arguably the suitable option if all CyberPanel recommended options fail.

We will remove private keys and certificates at the Virtual Host Level for intervalle-arts.com

Go to the OLS WebAdmin Console of your server, i.e. https://SERVER_URL:7080, and use admin and the password you chose for the CyberPanel admin panel.

If you cannot log in, using the SSH terminal run adminPass add new password


Then you delete all private keys and certificates for respective website from server:

$ rm -f /etc/letsencrypt/live/intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem

$ rm -f /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem

$ rm -f /etc/letsencrypt/live/ssl.intervalle-arts.com/privkey.pem && rm -f /etc/letsencrypt/live/ssl.intervalle-arts.com/fullchain.pem

Then issue the ssl for

  1. Go to https://SERVER_IP:8090/manageSSL/manageSSL
  2. Choose intervalle-arts.com
  3. Click on Issue SSL

Then issue SSL for the mail server; see below.

References:

  1. website ssl, 1 - Issuing SSL for website - Docs - CyberPanel Community
  2. email server ssl 2 - SSL For PostFix/Dovecot - Docs - CyberPanel Community

Sidenote: if you can, migrate all your accounts to a CyberPanel server running on either AlmaLinux 8.4 or Ubuntu 20.04 LTS. Personally I recommend my customers avoid Hostinger CyberPanel VPS products.

Thanks again!

I’m having trouble with OLS as there is no tab for SSL in the settings page.

EDIT: I wish I hadn’t gone with Hostinger. Unfortunately, they sold me a three year contract and I’m stuck with it. I will migrate as soon as I’m able.

My mistake! I found them under virtual servers.

I used the commands you gave in SSH and then logged out and back in again to OLS, but the entries are still there. Does that mean the operation was unsuccessful? I checked the files and a cert.pem file is still in (for example) the directory intervalle-arts.com

Hi! I followed the instructions you gave me until the end.

I removed the files from the folders listed by OLS. I checked they’d been removed. I then went into CyberPanel and reissued SSLs. Unfortunately, they still result in self-signed certs (I checked the folders again, and the .pem files were re-added).

I ran the previous script and got these results:

[root@taro intervalle-arts.com]# /root/.acme.sh/acme.sh --issue -d intervalle-arts.com -d www.intervalle-arts.com --cert-file /etc/letsencrypt/live/intervalle-arts.com/cert.pem --key-file /etc/letsencrypt/live/intervalle-arts.com/privkey.pem --fullchain-file /etc/letsencrypt/live/intervalle-arts.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt

[Sun Dec 4 11:56:57 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory

[Sun Dec 4 11:56:57 UTC 2022] Multi domain='DNS:intervalle-arts.com,DNS:www.intervalle-arts.com'

[Sun Dec 4 11:56:57 UTC 2022] Getting domain auth token for each domain

[Sun Dec 4 11:56:58 UTC 2022] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: intervalle-arts.com,www.intervalle-arts.com, retry after 2022-12-04T12:59:58Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
"status": 429
}

[Sun Dec 4 11:56:58 UTC 2022] Please add '--debug' or '--log' to check more details.

[Sun Dec 4 11:56:58 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Hey @Rofocale

Now you can’t renew SSL from LE because your server reached the limit (Rate Limits - Let's Encrypt).
Please share the output of the following commands:

openssl x509 -text -noout -in /root/.acme.sh/intervalle-arts.com_ecc/backup/fullchain.bak | egrep “CN|Issuer|Not Before|Not After”
openssl x509 -text -noout -in /root/.acme.sh/intervalle-arts.com_ecc/fullchain.cer | egrep “CN|Issuer|Not Before|Not After”

openssl x509 -text -noout -in /root/.acme.sh/mail.intervalle-arts.com_ecc/backup/fullchain.bak | egrep “CN|Issuer|Not Before|Not After”

openssl x509 -text -noout -in /root/.acme.sh/mail.intervalle-arts.com_ecc/fullchain.cer | egrep “CN|Issuer|Not Before|Not After”

So we can decide what to do next.

hi, @luckyrajpurohit

Many thanks for the info. I tried the commands you suggested but I get the below message:

-bash: Not: command not found

-bash: Issuer: command not found

-bash: Not: command not found

Share a screenshot; it seems you made a mistake with the egrep command.

Sure!

Manually replace " by typing the " and run again. If it is still not working, remove ’ | egrep “CN|Issuer|Not Before|Not After”’ from each command.
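Added example, not part of the original posts: the check those `openssl x509` commands are meant to perform, written so it needs no quoted `egrep` pattern at all. It asks openssl for each field directly and reports whether the certificate is self-signed and whether it is still valid; the certificate here is a constructed self-signed one for the placeholder name `mail.example.test`, and `cert_report` and `make_sample_cert` are names invented for this sketch.

```shell
#!/bin/sh
# Report who issued a PEM certificate and whether it is still valid.
# For a fullchain file, openssl x509 reads only the first certificate (the leaf).
cert_report() {
    # $1: PEM file   $2: optional look-ahead window in seconds (default 0 = valid now)
    pem=$1
    window=${2:-0}
    if ! openssl x509 -noout -in "$pem" >/dev/null 2>&1; then
        echo "unreadable=$pem"
        return 2
    fi
    subject=$(openssl x509 -noout -subject -in "$pem" | sed 's/^subject= *//')
    issuer=$(openssl x509 -noout -issuer -in "$pem" | sed 's/^issuer= *//')
    not_after=$(openssl x509 -noout -enddate -in "$pem" | sed 's/^notAfter=//')
    echo "subject=$subject"
    echo "issuer=$issuer"
    echo "notAfter=$not_after"
    # Same subject and issuer means nobody else vouched for this certificate.
    if [ "$subject" = "$issuer" ]; then
        echo "self_signed=yes"
    else
        echo "self_signed=no"
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if openssl x509 -noout -checkend "$window" -in "$pem" >/dev/null 2>&1; then
        echo "valid_past_window=yes"
    else
        echo "valid_past_window=no"
    fi
}

make_sample_cert() {
    # $1: output directory. Constructed self-signed certificate, valid for 1 day.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_sample_cert "$tmp" && cert_report "$tmp/fullchain.pem" 172800
rm -rf "$tmp"
```

Pointed at the `fullchain.pem` that the `ssl_cert` line in dovecot.conf names, `self_signed=yes` or `valid_past_window=no` identifies the file a mail client would reject.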