usmannasir / cyberpanel

Cyber Panel - The hosting control panel for OpenLiteSpeed
GNU General Public License v3.0

Website Let's Encrypt SSL reissue fails when docRoot is modified #389

Open henscu opened 4 years ago

henscu commented 4 years ago

I created a website and WordPress installation using standard CyberPanel instructions as described here. I also successfully set up Let's Encrypt SSL for my new WordPress website using CyberPanel.

Then I modified the WordPress setup to a Roots Bedrock WordPress setup, which required that I modify my docRoot in vHost Conf as follows:

Old value:        docRoot                   $VH_ROOT/public_html
New value:        docRoot                   $VH_ROOT/public_html/current/web

Everything was fine until, 90 days later, my Let's Encrypt renewal failed and my SSL became a self-signed SSL.

I looked in the CyberPanel log files and found the acme.sh command that had been issued to renew the Let's Encrypt SSL:

/root/.acme.sh/acme.sh --issue -d example.com -d www.example.com --cert-file /etc/letsencrypt/live/example.com/cert.pem --key-file /etc/letsencrypt/live/example.com/privkey.pem --fullchain-file /etc/letsencrypt/live/example.com/fullchain.pem -w /home/example.com/public_html --force

This acme.sh command had caused the Let's Encrypt SSL reissue to fail with the following .well-known challenge error:

example.com:Verify error:Invalid response from https://example.com/.well-known/acme-challenge/NEgbE57f6YxhOkecDFyuc2fwv5d4Ko0EeEh-56dt5N0

It looks like CyberPanel is not getting the correct acme.sh webroot parameter value from vHost Conf, which causes the Let's Encrypt reissue to fail when docRoot has been modified from the 'standard' value.

To reissue my Let's Encrypt certificate successfully, I simply reran the above acme.sh command from the command line with the correct webroot parameter (/home/example.com/public_html/current/web) as follows:

/root/.acme.sh/acme.sh --issue -d example.com -d www.example.com --cert-file /etc/letsencrypt/live/example.com/cert.pem --key-file /etc/letsencrypt/live/example.com/privkey.pem --fullchain-file /etc/letsencrypt/live/example.com/fullchain.pem -w /home/example.com/public_html/current/web --force

It looks like it should be a simple fix to modify CyberPanel to use the latest docRoot value from vHost Conf when issuing Let's Encrypt requests?
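
Added example (not part of the original issue and not CyberPanel code): a shell check that reads docRoot from a vHost Conf, expands $VH_ROOT, and compares it with the -w webroot of an acme.sh command, which is the mismatch described in the post above. The function names are hypothetical, the sample data is constructed from the values quoted in the post, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: detect a docRoot / acme.sh webroot mismatch before renewal.
# Function names are hypothetical; sample values are constructed.

# Print the docRoot from a vHost Conf file with $VH_ROOT expanded.
# $1 = path to the vHost Conf, $2 = value of $VH_ROOT for this site
docroot_from_vhost() {
    awk -v root="$2" '
        $1 == "docRoot" {
            path = $2
            sub(/^\$VH_ROOT/, root, path)
            sub(/\/+$/, "", path)      # ignore trailing slashes
            print path
            exit
        }' "$1"
}

# Print the value that follows -w in an acme.sh command line ($1).
webroot_from_cmd() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-w") { p = $(i + 1); sub(/\/+$/, "", p); print p; exit }
    }'
}

# $1 = vHost Conf, $2 = $VH_ROOT value, $3 = acme.sh command line.
# Returns 0 on match, 1 on mismatch, 2 if either value could not be read.
check_webroot() {
    want=$(docroot_from_vhost "$1" "$2")
    have=$(webroot_from_cmd "$3")
    [ -n "$want" ] && [ -n "$have" ] || return 2
    if [ "$want" = "$have" ]; then
        echo "OK: webroot matches docRoot ($want)"
    else
        echo "MISMATCH: acme.sh -w $have, vHost docRoot $want"
        return 1
    fi
}

# Constructed sample: the modified docRoot and the logged renewal command.
conf=$(mktemp)
printf 'docRoot                   $VH_ROOT/public_html/current/web\n' > "$conf"
check_webroot "$conf" /home/example.com \
    "acme.sh --issue -d example.com -w /home/example.com/public_html --force" || true
rm -f "$conf"
```

Run against the real vHost Conf and the renewal command from the CyberPanel log, a non-zero exit flags a site whose certificate renewal will fail the webroot challenge.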

usmannasir commented 4 years ago

CyberPanel saves the document root value in the database and does not look it up in the configuration file. Your point is valid, so if you have modified the path, LetsEncrypt will fail to renew the license.

chiareu commented 4 years ago

OK, what solution do we have? Can we edit the CB database to point to the actual root folder? There are many scenarios in which we have to use a root folder different from the one generated by CB.

usmannasir commented 4 years ago

Is this a sub or main domain?

chiareu commented 4 years ago

For sub and add-on domains there are many scenarios, e.g. for a multisite WordPress install.

ntkonsultant commented 3 years ago

Hi there, it's a really big problem and there is no solution at this time? Is there any way to manually change the root path? Because when creating a new website there is no way to set the doc root folder; we have to do it afterwards.

maicol07 commented 3 years ago

Any news?

ntkonsultant commented 3 years ago

No news ...


ksaltik commented 3 years ago

Same issue with Bedrock: modifying the webroot causes the SSL certificate to not renew.

justlevine commented 1 year ago

Is there still no workaround for this?