CyberPanel Self-Signed Certificate issue [SOLVED]

CyberPanel Self-Signed Certificate issue [SOLVED]

Recently, CyberPanel users are having issues automatically renewing LetsEncrypt SSL, and instead self signed certificated are generated. Basically the problem happens with newly added domains, that will use ZeroSSL in place of LetsEncrypt by default. This change comes from ACME, not CP and was resolved in this push. Older domains will still continue to renew their certificates through LetsEncrypt.

Here is a quick fix to generate a new SSL and replace the self signed certificate in CyberPanel.

Step 1. Remove the current SSL from vHosts

Either form CyberPanel GUI (Websites > List Websites > Manage > vHosts) or via your favorite text editor open and edit the vhost.conf file:

cd /usr/local/lsws/conf/vhosts/<DOMAIN>
nano vhost.conf

MobaXterm Personal 20.3 M1isNKK0jQ - CyberPanel Self-Signed Certificate issue [SOLVED]

From the vHost file remove the vhssl section:

Edit vHosts file in nano editor
Edit vHosts file in nano editor

Save the file afterwards and proceed to step 2.

Edit vHosts file via GUI
Edit vHosts file via GUI

Step 2. reboot litespeed webserver:

From CyberPanel > Server status > LiteSpeed

Reboot litespeed in cyberpanel
Reboot litespeed in cyberpanel

or via the terminal:

systemctl stop lsws
systemctl start lsws

Step 3. Download and setup acme.sh

wget -O - https://get.acme.sh | sh
acme.sh --upgrade

From the terminal download the latest acme.sh script, upgrade it and then register for a free account with ZeroSSL:

acme.sh --register-account -m your-mail@pcx3.com

Step 4. Generate a new certificate for your domain name

/root/.acme.sh/acme.sh --issue -d <DOMAIN> -d www.<DOMAIN> --cert-file /etc/letsencrypt/live/<DOMAIN>/cert.pem --key-file /etc/letsencrypt/live/<DOMAIN>/privkey.pem --fullchain-file /etc/letsencrypt/live/<DOMAIN>/fullchain.pem -w /home/<DOMAIN>/public_html --force --debug

After the certificate was successfully generated, certificate public and private keys will be stored in the following path /etc/letsencrypt/live/<DOMAIN>/

Step 5. Copy newly generated SSL to CyberPanel

Go to /etc/letsencrypt/live/<DOMAIN>/ and copy the content of both privkey.pem and cert.pem into CyberPanel > Websites > List Websites > DOMAIN > Add SSL

ssl files
ssl files
add ssl 1024x415 - CyberPanel Self-Signed Certificate issue [SOLVED]

That’s it, if you’ve followed all steps you should now have a new SSL generated and setup on your website running on CyberPanel.

whoami
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.

9 comments
  • Hi. This worked to some extent but now having an issue about an incomplete certificate chain that’s causing problems. Pretty sure I followed instructions correctly. Any thoughts?

  • Well… I prefer to switch back the acme.sh default CA to letsencrypt… I don’t like anything naming itself free but actually having paid plans… In the end will try to switch you to non-free or do some shit… Will never use anything like ZeroSSL or same… If i want something commercial, I just buy a SSL from RapidSSL or Sectigo/Comodo and that’s all…

  • I’m thinking Cyberpanel made some kind of deal with ZeroSSL to drop Let’sEncrypt and make us deal with their paid plans, since it’s only for 3 domains for free.

    This is bullshit.

    • /etc/letsencrypt/live// is just a directory where generated keys will be stored, so you need to create it or use already existing directory, for example /root