Cyberpanel SSL renewal – self-signed instead of full

Updates 8/4/2022 – Cyberpanel now has a page with solutions for SSL problems, and I managed to find a solution that worked for me.

I’ve noticed that several of my SSL certificates say they are “self-signed” instead of a full regular SSL certificate.  I had zero issues with my original cpanel host, but started to have issues with my second cpanel host – where it could not renew my SSL certificates for all of my subdomains if I had cloudflare active.

So I thought maybe this was a cloudflare issue.  I tried to renew the SSL certificate through the cyberpanel interface and it says that it generated an SSL.  However, when I look at the specifics for the website, it shows that it is a self-signed certificate.

I went into the log files and found a message that looked like:

Status Code: Unkown for: http://www.mydomain.com/.well-known/acme-challenge/mydomain.com. Error: Exceeded 30 redirects.
Failed to obtain SSL, issuing self-signed SSL for: mydomain.com

Based on the “exceeded 30 redirects” message, I assumed it was something in my .htaccess or another setting causing an infinite loop of redirects.  I tried making changes to my .htaccess to make sure that the .well-known/acme-challenge would be excluded from redirects, but I was unable to make it work.

I then thought maybe it was cloudflare – I tried first bypassing cloudflare without success.  I then completely removed cloudflare by changing my nameservers.  Interestingly, even that didn’t work.  Very frustrating.

I tried disabling all of my plugins and I still couldn’t get it to work.

Update 8/4/22 – solution that does work from the above linked page – it turns out that there are other redirects in addition to those in the .htaccess file.  You can have redirects in the vhost conf file.  In the cyberpanel interface you can edit that file in the specific website’s settings.  At the end of the vhost conf file, you need to add:

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse             1

  rewrite  {

  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}

Click save, and then try issuing an SSL certificate again.  That worked for me.
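To see where requests for the challenge path actually end up before and after a change like this, the redirect chain can be followed by hand. This is an added example, not code from the original post or from Cyberpanel; the host example.test and the file name probe.txt are made up, and the 30-hop limit is taken from the log message above.

```python
import http.client
import sys
from urllib.parse import urlsplit, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

def fetch(url, timeout=10):
    """One GET without following redirects: returns (status, Location or None)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, get=fetch, max_hops=30):
    """Follow redirects by hand and return (verdict, [(status, url), ...])."""
    hops, seen = [], set()
    while len(hops) < max_hops:          # 30 matches "Exceeded 30 redirects"
        if url in seen:                  # same URL requested twice: a loop
            return "loop", hops
        seen.add(url)
        try:
            status, location = get(url)
        except OSError as exc:           # DNS, connection or TLS failure
            return "error", hops + [(str(exc), url)]
        hops.append((status, url))
        if status in REDIRECTS and location:
            url = urljoin(url, location) # Location may be relative
            continue
        return ("ok" if status == 200 else "not-served"), hops
    return "too-many-redirects", hops

# Constructed sample: an http <-> https ping-pong on the challenge path.
P = "/.well-known/acme-challenge/probe.txt"
SAMPLE_LOOP = {
    "http://example.test" + P: (301, "https://example.test" + P),
    "https://example.test" + P: (301, "http://example.test" + P),
}
# Constructed sample: the challenge path served directly, with no redirect.
SAMPLE_FIXED = {"http://example.test" + P: (200, None)}

if __name__ == "__main__":
    verdict, hops = trace(sys.argv[1])
    for status, url in hops:
        print(status, url)
    print("verdict:", verdict)
```

Run it against a small text file placed in the site's .well-known/acme-challenge folder; any verdict other than "ok" means the path is still being redirected or is not being served. An https hop reports "error" while a self-signed certificate is installed, because this sketch verifies certificates.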

I finally found this solution when I was having problems with accessing the cyberpanel interface which I had installed on a subdomain.  After 90 days when it went to renew the SSL certificate, it failed and issued a self-signed certificate.  I was not sure how to manually create a Let’s Encrypt certificate and install it, so I looked to see if there were any new solutions.  I came across the Cyberpanel SSL troubleshooting page and working through the solutions finally seems to have fixed my issue.

Below is the solution from my original post with a work-around that did work, but is far more work and not something I’d want to do every 90 days.

<from original post>  The final solution that I got to work, which works even with cloudflare enabled, was to generate an SSL certificate through the Really Simple SSL plug-in and then manually enter the certificate information into cyberpanel directly.

In the Really Simple SSL plugin, there is an option to generate an SSL certificate.  The first time I tried, it failed at the last step, after completing the 5 tries.  The error was something similar to what was described in this post.   I had to add &reset-letsencrypt=1 to the end of the URL and refresh it, then it went through the SSL generation again and this time it worked.

I could then copy the information from the result screen and insert it into the cyberpanel website settings under “Add SSL”

I have no idea why Really Simple SSL plugin is able to generate a let’s encrypt SSL certificate for my domain, but cyberpanel could not.  It’s definitely going to be frustrating if every 90 days I have to manually paste the certificate information for each domain.
