ZeroSSL vs Let’s Encrypt in CyberPanel

Support and Discussion
,
1

Hello @usmannasir

:warning: CyberPanel serving expired ZeroSSL cert even after reissuing Let’s Encrypt.

Environment
OS: AlmaLinux 9

Panel: CyberPanel (OpenLiteSpeed) ver. 2.4.4

SSL: ZeroSSL, Let’s Encrypt

DNS: Cloudflare Free (DNS-only for sub-sub-domains)

:red_exclamation_mark: Problem
One specific sub-sub-domain was showing:

Browser: Not Secure

Issuer: ZeroSSL

Status: Expired

Even though:

Let’s Encrypt certificate exists in
/etc/letsencrypt/live//

CyberPanel UI shows SSL issued successfully

Other sub-sub-domains work fine with Let’s Encrypt

Cloudflare is DNS-only (not proxied).

Reissuing SSL from CyberPanel did not fix it.

Hope to get back the response soon.

Regards,

2

I believe you are facing the same issue I have bumped into.

New certificates now are issued by amce.sh. I think the CP dev swapped from certbot-type solution to amce.sh, but this is my guess or assumption.

I created this script:

#!/bin/bash
DOMAIN=$1
if [ "x$DOMAIN" == "x" ]; then
        echo "Usage: $0 <DomainName>"
        exit 0
fi

LETSENCRYPT_PATH=/etc/letsencrypt/live
ACMESH_PATH=/root/.acme.sh

# Remove the 2 files
rm -f $LETSENCRYPT_PATH/$DOMAIN/{fullchain.pem,privkey.pem}

# Copy the files from the acme.sh source
cp $ACMESH_PATH/${DOMAIN}_ecc/fullchain.cer $LETSENCRYPT_PATH/$DOMAIN/fullchain.pem
cp $ACMESH_PATH/${DOMAIN}_ecc/${DOMAIN}.key $LETSENCRYPT_PATH/$DOMAIN/privkey.pem

echo "$DOMAIN - SSL certifcate copied."

Save it to /root/bin/fix_cyberpanel_ssl.sh

Then use it as follows: fix_cyberpanel_ssl.sh <domain_name> where <domain_name> is the actual domain you want to fix.

The script is VERY VERY basic but it get the SSL certificate files from the “new” folder to the “old” folder which at least temporarily solves the issue.

This is not automated and it means you have to manually run it or add it to the cron to run every few days.