Recently, CyberPanel users are having issues automatically renewing LetsEncrypt SSL, and instead self signed certificated are generated. Basically the problem happens with newly added domains, that will use ZeroSSL in place of LetsEncrypt by default. This change comes from ACME, not CP and was resolved in this push. Older domains will still continue to renew their certificates through LetsEncrypt.
Here is a quick fix to generate a new SSL and replace the self signed certificate in CyberPanel.
Step 1. Remove the current SSL from vHosts
Either form CyberPanel GUI (Websites > List Websites > Manage > vHosts) or via your favorite text editor open and edit the vhost.conf file:
cd /usr/local/lsws/conf/vhosts/<DOMAIN>
nano vhost.conf
![MobaXterm Personal 20.3 M1isNKK0jQ - CyberPanel Self-Signed Certificate issue [SOLVED]](https://i0.wp.com/pcx3.com/wp-content/uploads/2021/06/MobaXterm_Personal_20.3_M1isNKK0jQ.png?resize=366%2C172&ssl=1 "CyberPanel Self-Signed Certificate issue [SOLVED]")
From the vHost file remove the vhssl section:
Save the file afterwards and proceed to step 2.
Step 2. reboot litespeed webserver:
From CyberPanel > Server status > LiteSpeed
or via the terminal:
systemctl stop lsws
systemctl start lswsStep 3. Download and setup acme.sh
wget -O - https://get.acme.sh | sh
acme.sh --upgradeFrom the terminal download the latest acme.sh script, upgrade it and then register for a free account with ZeroSSL:
acme.sh --register-account -m your-mail@pcx3.com
Step 4. Generate a new certificate for your domain name
/root/.acme.sh/acme.sh --issue -d <DOMAIN> -d www.<DOMAIN> --cert-file /etc/letsencrypt/live/<DOMAIN>/cert.pem --key-file /etc/letsencrypt/live/<DOMAIN>/privkey.pem --fullchain-file /etc/letsencrypt/live/<DOMAIN>/fullchain.pem -w /home/<DOMAIN>/public_html --force --debugAfter the certificate was successfully generated, certificate public and private keys will be stored in the following path /etc/letsencrypt/live/<DOMAIN>/
Step 5. Copy newly generated SSL to CyberPanel
Go to /etc/letsencrypt/live/<DOMAIN>/ and copy the content of both privkey.pem and cert.pem into CyberPanel > Websites > List Websites > DOMAIN > Add SSL
![add ssl 1024x415 - CyberPanel Self-Signed Certificate issue [SOLVED]](https://i0.wp.com/pcx3.com/wp-content/uploads/2021/06/add-ssl.png?resize=736%2C298&ssl=1 "CyberPanel Self-Signed Certificate issue [SOLVED]")
That’s it, if you’ve followed all steps you should now have a new SSL generated and setup on your website running on CyberPanel.
Hi. This worked to some extent but now having an issue about an incomplete certificate chain that’s causing problems. Pretty sure I followed instructions correctly. Any thoughts?
Can we issued not using ZeroSSL since ZeroSSL now limited to 3 domains only
Worked perfectly for us. Thanks
Well… I prefer to switch back the acme.sh default CA to letsencrypt… I don’t like anything naming itself free but actually having paid plans… In the end will try to switch you to non-free or do some shit… Will never use anything like ZeroSSL or same… If i want something commercial, I just buy a SSL from RapidSSL or Sectigo/Comodo and that’s all…
Many thanks. Works in perfectly
I’m thinking Cyberpanel made some kind of deal with ZeroSSL to drop Let’sEncrypt and make us deal with their paid plans, since it’s only for 3 domains for free.
This is bullshit.
Where do i find this root /etc/…?
/etc/letsencrypt/live// is just a directory where generated keys will be stored, so you need to create it or use already existing directory, for example /root
thanks for this tutorial, had some major headaches with this.