Let's Encrypt: Automatic/Manual SSL Certificate Validation Problem #122

Closed
opened 2026-04-05 20:25:31 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @neredeyseok on 3/5/2025

CloudPanel version(s) affected

2.5.0

Description

The following errors are received when trying to create a certificate, either automatically by cron or manually, for a "site" or "CloudPanel Custom Domain" that has previously had a Let's Encrypt SSL certificate created. This happens in the nginx vhost configuration where a single "server" block listens on both port "80" and port "443".

Note: I don't know how this configuration changes later and listens to ports 80 and 443 in a single block while ports 80 and 443 are positioned differently in server blocks. But we definitely did not change the configuration. Maybe it combines both while generating SSL.

Error Patterns

  • www.domain.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:connection, error detail: [ip address]: Fetching http://domain.com/.well-known/acme-challenge/[auto-generated-validation-name]: Network is unreachable
  • www.domain.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:connection, error detail: [ip address]: Fetching http://domain.com/.well-known/acme-challenge/[auto-generated-validation-name]: Timeout during connect (likely firewall problem)

Example nginx vhost configuration causing the error. (Same server block 80 and 443 listen)

```nginx
server {
    listen 80;
    listen [::]:80;
    listen 443 quic;
    listen 443 ssl;
    listen [::]:443 quic;
    listen [::]:443 ssl;

    ....

    location ~ /.well-known {
        auth_basic off;
        allow all;
    }
}
```

How to reproduce

Conditions

  • This happens in the nginx vhost configuration where a single "server" block listens on both port "80" and port "443".
  • A Let's Encrypt SSL certificate must have been created once before.

Steps

Sites Area - New Let's Encrypt SSL

  • Site -> SSL/TLS -> Click "Actions" button. -> Click "New Let's Encrypt Certificate". -> Click "Create and Install"

Admin Area - CloudPanel Custom Domain - New Let's Encrypt SSL

  • Admin Area -> Click "Settings" on Left Menu -> "CloudPanel Custom Domain" on "General" tab -> Type domain name and click "Save".

Example Errors

  • www.domain.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:connection, error detail: [ip address]: Fetching http://domain.com/.well-known/acme-challenge/[auto-generated-validation-text]: Network is unreachable
  • www.domain.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:connection, error detail: [ip address]: Fetching http://domain.com/.well-known/acme-challenge/[auto-generated-validation-text]: Timeout during connect (likely firewall problem)

Possible Solution

Keep it simple.

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name {{server_name}};
    root ...;

    # Regex location (needs the "~" modifier): redirect everything except
    # /.well-known to HTTPS, so the ACME challenge path stays reachable on plain HTTP.
    location ~ ^/(?!\.well-known) {
        return 301 https://$host$request_uri;
    }

    auth_basic off;
    allow all;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ...
    server_name {{server_name}};
    root ...;

    ...

    location ~ /.well-known {
        auth_basic off;
        allow all;
    }
}
```
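As an added check, not part of the issue or of CloudPanel: a small Python audit that detects the condition named above, a single server block with both :80 and :443 listeners, run here against constructed copies of the failing vhost shape and of the split layout proposed as the solution. It assumes a vhost file whose top level consists of server blocks.

```python
import re

# Constructed samples (not from a live CloudPanel install): the mixed-port vhost
# the issue reports, and the split 80/443 layout it proposes.
MIXED_VHOST = """
server {
    listen 80;
    listen [::]:80;
    listen 443 quic;
    listen 443 ssl;
    listen [::]:443 quic;
    listen [::]:443 ssl;
    location ~ /.well-known { auth_basic off; allow all; }
}
"""
SPLIT_VHOST = r"""
server {
    listen 80;
    listen [::]:80;
    location ~ ^/(?!\.well-known) { return 301 https://$host$request_uri; }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    location ~ /.well-known { auth_basic off; allow all; }
}
"""

def server_blocks(conf):
    """Top-level `server { ... }` bodies by brace depth (assumes a vhost file of server blocks)."""
    bodies, depth, start = [], 0, None
    for m in re.finditer(r"[{}]", conf):
        if m.group() == "{":
            if depth == 0:
                before = conf[:m.start()].split()
                start = m.end() if before and before[-1] == "server" else None
            depth += 1
        elif (depth := depth - 1) == 0 and start is not None:
            bodies.append(conf[start:m.start()])
    return bodies
def listen_ports(body):
    """Ports from `listen` directives: '80', '[::]:80', '443 ssl' -> {'80', '443'}."""
    return {a.rsplit(":", 1)[-1] for a in re.findall(r"^\s*listen\s+([^\s;]+)", body, re.M)}
def audit_vhost(conf):
    """Flag server blocks that mix plain :80 and TLS :443 listeners (the issue's condition)."""
    findings = []
    for i, body in enumerate(server_blocks(conf), 1):
        ports = listen_ports(body)
        findings.append({"block": i, "ports": ports, "mixed": {"80", "443"} <= ports})
    return findings
```

Point it at a vhost file before renewing: a `mixed: True` finding means the block matches the failing shape the issue describes.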

Additional Context

Note: I don't remember exactly which version, but this problem didn't happen before. I think there is only one old-version CloudPanel server that doesn't have this problem, because its configurations are not the same as in the new version. Yes, with "v2.4.1" you won't encounter this problem on old CloudPanel servers.

  • To overcome the problem on sites, you can go to "Site -> Vhost" page and apply the above solution to your own configuration.

  • To overcome the problem on "CloudPanel Custom Domain", you can go to "/home/clp/htdocs/app/files/resources/nginx/vhost_template/custom-domain" file and apply the above solution to the default configuration.
