Recently, CyberPanel users are having issues automatically renewing LetsEncrypt SSL, and instead self signed certificated are generated. Basically the problem happens with newly added domains, that will use ZeroSSL in place of LetsEncrypt by default. This change comes from ACME, not CP and was resolved in this push. Older domains will still continue to renew their certificates through LetsEncrypt.
Here is a quick fix to generate a new SSL and replace the self signed certificate in CyberPanel.
Step 1. Remove the current SSL from vHosts
Either form CyberPanel GUI (Websites > List Websites > Manage > vHosts) or via your favorite text editor open and edit the vhost.conf file:
cd /usr/local/lsws/conf/vhosts/<DOMAIN> nano vhost.conf
From the vHost file remove the vhssl section:
Save the file afterwards and proceed to step 2.
Step 2. reboot litespeed webserver:
From CyberPanel > Server status > LiteSpeed
or via the terminal:
systemctl stop lsws systemctl start lsws
Step 3. Download and setup acme.sh
wget -O - https://get.acme.sh | sh acme.sh --upgrade
From the terminal download the latest acme.sh script, upgrade it and then register for a free account with ZeroSSL:
acme.sh --register-account -m [email protected]
Step 4. Generate a new certificate for your domain name
/root/.acme.sh/acme.sh --issue -d <DOMAIN> -d www.<DOMAIN> --cert-file /etc/letsencrypt/live/<DOMAIN>/cert.pem --key-file /etc/letsencrypt/live/<DOMAIN>/privkey.pem --fullchain-file /etc/letsencrypt/live/<DOMAIN>/fullchain.pem -w /home/<DOMAIN>/public_html --force --debug
After the certificate was successfully generated, certificate public and private keys will be stored in the following path /etc/letsencrypt/live/<DOMAIN>/
Step 5. Copy newly generated SSL to CyberPanel
Go to /etc/letsencrypt/live/<DOMAIN>/ and copy the content of both privkey.pem and cert.pem into CyberPanel > Websites > List Websites > DOMAIN > Add SSL
That’s it, if you’ve followed all steps you should now have a new SSL generated and setup on your website running on CyberPanel.