search

usmannasir / cyberpanel

Cyber Panel - The hosting control panel for OpenLiteSpeed
GNU General Public License v3.0
1.48k stars 576 forks source link

[BUG] SSL Renewal Says SSL Issued Succesfully When It Failed #1269

Closed shmaltz closed 3 weeks ago

shmaltz commented 1 month ago

I'm using v2.3.5, and when I try to issue an SSL to a website, even when SSL fails to get issued, it still says it succeeded. It should instead say it failed, and it should show the error message.

Also, I noticed my SSLs never auto renew, and I have to do it manually. Is it supposed to be this way, or am I supposed to set up a cron?

usmannasir commented 1 month ago

Can you show vhost conf and rewrite rules

shmaltz commented 1 month ago

I got it to work by disabling Cloudflare proxy. Is there any way for it to work if it's enabled?

shmaltz commented 1 month ago

I am trying to get an SSL for another domain and it's still not working (even though Cloudflare proxy is off).

Here is the info you requested:

VHost Conf docRoot $VH_ROOT/public_html vhDomain $VH_NAME vhAliases www.$VH_NAME adminEmails email@gmail.com enableGzip 1 enableIpGeo 1

index { useServer 0 indexFiles index.php, index.html }

errorlog $VH_ROOT/logs/$VH_NAME.error_log { useServer 0 logLevel WARN rollingSize 10M }

accesslog $VH_ROOT/logs/$VH_NAME.access_log { useServer 0 logFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" logHeaders 5 rollingSize 10M keepDays 10
compressArchive 1 }

scripthandler { add lsapi:myuser php }

extprocessor myuser { type lsapi address UDS://tmp/lshttpd/myuser.sock maxConns 10 env LSAPI_CHILDREN=10 initTimeout 600 retryTimeout 0 persistConn 1 pcKeepAliveTimeout 1 respBuffer 0 autoStart 1 path /usr/local/lsws/lsphp82/bin/lsphp extUser myuser extGroup myuser memSoftLimit 2047M memHardLimit 2047M procSoftLimit 400 procHardLimit 500 }

phpIniOverride { php_admin_value open_basedir "/tmp:$VH_ROOT" }

module cache { storagePath /usr/local/lsws/cachedata/$VH_NAME }

rewrite { enable 1 autoLoadHtaccess 1 }

context /.well-known/acme-challenge { location /usr/local/lsws/Example/html/.well-known/acme-challenge allowBrowse 1

rewrite { enable 0 } addDefaultCharset off

phpIniOverride {

} }

vhssl { keyFile /etc/letsencrypt/live/domain.com/privkey.pem certFile /etc/letsencrypt/live/domain.com/fullchain.pem certChain 1 sslProtocol 24 enableECDHE 1 renegProtection 1 sslSessionCache 1 enableSpdy 15 enableStapling 1 ocspRespMaxAge 86400 }

Rewrite Rules

Rewrite Rules Added by CyberPanel Rewrite Rule Generator

RewriteEngine On RewriteCond %{HTTP_HOST} ^www.(.)$ RewriteRule ^(.)$ http://%1/$1 [L,R=301]

End CyberPanel Generated Rules.

usmannasir commented 3 weeks ago

Disable open_basedir protection, it should be fine.

shmaltz commented 3 weeks ago

Thank you @usmannasir. Can we add a feature to automatically turn off and on open_basedir protection when renewing SSLs?

Also, when the SSL fails, can you please make it show an error, because currently it says it renewed successfully even when it fails. It would be nice to also be able to get an email when it fails to renew.

Thank you!