Hello i have a problem after update to last version of CyberPanel the ssl don’t work for www domain . How about to fix it ?
I’ve been saying this problem for 2 days and no one cares. I’m pretty sure they blundered it on purpose so they could sell SSLV2 for money. great injustice
It’s not true. I can help you if you are available right now and able to share the screen.
I’ve been using cyberpanel for about 6 months and the SSL issuance process is done by pressing a single button, I guess we can’t be too stupid to do that? I updated it to the latest version, SSL certificates of all domains on the server have dropped, then when it wants to give SSL again, it waits and gives silly errors such as could not connect to the server.
I have an open issue on github with this and submitted my logs this morning so it should be addressed soon.
The problem is that it’s trying to assign SSL with sslv2 first and then fallback to sslv1 but it’s not working. I t seems that the SSLv2 fails because it’s trying DNS verification with cloudflare and keeps trying over and over so the request limit is reached so when it falls back to the sslv1, that also fails because the limit is reached for max requests for your domain.
I have this script I use to generate certificates using zero ssl
#!/bin/bash
if [ "$1" == "" ]; then
echo -e "Must have a domain. e.g. $0 example.com"
exit
fi
#letsencrypt - uncomment the following lines to use letsencrypt instead
#/root/.acme.sh/acme.sh --issue -d $1 --cert-file /etc/letsencrypt/live/$1/cert.pem --key-file /etc/letsencrypt/live/$1/privkey.pem --fullchain-file /etc/letsencrypt/live/$1/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt --debug
#zerossl - uncomment the following lines to use zerossl instead
/root/.acme.sh/acme.sh --set-default-ca --server zerossl
/root/.acme.sh/acme.sh --register-account -m [email protected]
/root/.acme.sh/acme.sh --issue -d $1 --cert-file /etc/letsencrypt/live/$1/cert.pem --key-file /etc/letsencrypt/live/$1/privkey.pem --fullchain-file /etc/letsencrypt/live/$1/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --server zerossl --debug
service lsws restart
replace [email protected] with your actual email address
I have no idea what to do with the file you shared, I’m not that professional, but what you’re describing is very true and logical, I’ve been saying it for days. We’ve had an SSL problem since the day SSLv2 came out and it broke it on purpose, and now it doesn’t fix it so everyone can buy SSLv2. This is very unfair.
To use the file, follow these instructions.
- Log into SSH via root or a sudoer user.
- Execute the following:
nano ssl.sh
[Paste the contents of the file, change the email address to your email address and hit Ctrl+O to save]
chmod +x ssl.sh
./ssl.sh domain.com
This will generate a ZeroSSL certificate for one specific domain, this will work temporarily until they fix the SSL.
If you prefer to use letsencrypt, uncomment the letsencrypt line and comment out the 3 lines under zerossl
And how to generate for domain.com and www.domain.com ??
The following will do both domain.com and www.domain.com
#!/bin/bash
if [ "$1" == "" ]; then
echo -e "Must have a domain. e.g. $0 example.com"
exit
fi
#letsencrypt - uncomment the following lines to use letsencrypt instead
#/root/.acme.sh/acme.sh --issue -d $1 -d www.$1 --cert-file /etc/letsencrypt/live/$1/cert.pem --key-file /etc/letsencrypt/live/$1/privkey.pem --fullchain-file /etc/letsencrypt/live/$1/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt --debug
#zerossl - uncomment the following lines to use zerossl instead
/root/.acme.sh/acme.sh --set-default-ca --server zerossl
/root/.acme.sh/acme.sh --register-account -m [email protected]
/root/.acme.sh/acme.sh --issue -d $1 -d www.$1 --cert-file /etc/letsencrypt/live/$1/cert.pem --key-file /etc/letsencrypt/live/$1/privkey.pem --fullchain-file /etc/letsencrypt/live/$1/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --server zerossl --debug
service lsws restart
This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.