Control Web Panel

WebPanel => Installation => Topic started by: Jake482 on December 18, 2023, 08:30:43 PM

Title: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 18, 2023, 08:30:43 PM

So, I am using CWP to test how it performs but I ran into several issues that I need help with.

So I installed CentOS 8 on a server and installed CWP using the installation instruction provided in the documents. I changed the webserver to NGINX+Varnish+Apache. I also changed my PHP version to 8.1.15. I created a cwp user added mydomain.com there. then I created a subdomain in the usercp called it panel.mydomain.com so that the DNS is setup properly. I also ensured that both the domain and subdomain are pointing to the server by using dnschecker.org

1. Whenever I reboot the server, The hostname changes back to default
2. When I generate an SSL under CWP>Change Hostname. It generates a self-signed certificate. and this is what I see in /var/log/cwp/autossl.log

2023-12-18 08:12:08 panel.mydomain.com Failed http validation for Hostname: panel.mydomain.com
2023-12-18 08:12:08 panel.mydomain.com Self-signed SSL installed for Hostname: panel.mydomain.com

3. from usercp when I try to generate an SSL for mydomain.com from Domain>AutoSSL this is the error I face

DNS of your domain doesn't point to this server or you have htaccess restrictions

How do I solve all these SSL issues? I've looked into the DNS editor and also tested that the domains are pointed to the server using nslookup both from the inside the server as well as other computers. I am truly baffled and out of ideas on what could be causing this.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 18, 2023, 09:29:56 PM

If you have https only set, Domain validation will fail because of the 403 redirect.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 18, 2023, 10:44:44 PM

if you mean opened ports. Then I have both 80 and 443 open. I don't see any option for https only however...

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 19, 2023, 12:07:33 AM

I mean if you have apache or nginx set to "force https", the all port 80 requests will be redirected to ssl.  This breaks letsencrypt for some reason.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 19, 2023, 12:51:17 AM

will that be in the vhost configs? Or will it be in any GUI option? I looked through all the config files, nothing is forcing https from what I see. however, the proxy pass location is using the https protocol for reversing port 2083 and 2031

I am using Nginx+Varnish+Apache webserver configuration btw.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 19, 2023, 01:02:05 AM

if this line is there, it's redirecting.

return 301 https://$server_name$request_uri;

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 19, 2023, 01:22:27 AM

yup none of the conf contains those. I also didn't enable anything related to https forcing. so unless those rediects comes default with cwp confs it's unlikely there.

I can dm you the access to the server to check if you want. i don't mind since this is a demo server.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 19, 2023, 01:36:35 AM

You can check the log file /root/.acme.sh/acme.sh.log to see what is going on.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 19, 2023, 01:40:09 AM

sudo tail /root/.acme.sh/acme.sh.log
tail: cannot open '/root/.acme.sh/acme.sh.log' for reading: No such file or directory

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 19, 2023, 02:41:21 AM

is  /.well-known/acme-challenge/   and /.well-known/pki-validation   present the the panel. vhost file?

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 19, 2023, 10:30:56 AM

yes with a alias of "/usr/local/apache/autossl_tmp/.well-known/acme-challenge"

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 19, 2023, 07:32:50 PM

Please visit https://letsdebug.net/  and post the results

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 19, 2023, 10:33:53 PM

(http://[b]https://ibb.co/Cs6rkHz[/b])

server.domain.com is my hostname and I have port 80 open just to confirm.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 20, 2023, 01:00:42 AM

Without the actual domain name, it's kind of hard to actually help you. 

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 20, 2023, 02:10:23 PM

(https://ibb.co/v4tqZqg)

Title: Re: I am facing multiple problem with CWP and SSL
Post by: overseer on December 20, 2023, 10:11:25 PM

Hostname and IP address so we can do some external checks.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 21, 2023, 12:15:18 AM

the hostname and ip are already provided in the images above.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 21, 2023, 01:45:52 AM

Your image isn't appearing.  Just type them.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 21, 2023, 02:30:50 AM

Hostname: server.alpahnode.in
IP: 140.238.243.255

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 21, 2023, 03:40:29 AM

When I do a dns lookup for server.alpahnode.in, alpanode.in i get NXDOMAIN.  Did you purchase the domain name?

Title: Re: I am facing multiple problem with CWP and SSL
Post by: rcschaff on December 21, 2023, 03:43:36 AM

Corrected your spelling for "alphanode.in"  You do not have an A record for panel.alphanode.in, so letsencrypt cannot possibly do a valid lookup to issue it a certificate

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Starburst on December 21, 2023, 07:45:49 AM

Leaf DNS is showing the A record as what you entered.
http://leafdns.com/index.cgi?testid=6A3F09FB

Is this on a NAT?
Since you seem to have everything going to that poor single IP.
http://leafdns.com/index.cgi?testid=EA888DD3

Do you have port 80 & 443 open in your firewall & upstream?

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Jake482 on December 23, 2023, 04:19:40 AM

Quote from: rcschaff on December 21, 2023, 03:43:36 AM

Corrected your spelling for "alphanode.in"  You do not have an A record for panel.alphanode.in, so letsencrypt cannot possibly do a valid lookup to issue it a certificate

I am using server.alphanode.in as hostname not using panel.alphanode.in

Quote from: Starburst on December 21, 2023, 07:45:49 AM

Leaf DNS is showing the A record as what you entered.
http://leafdns.com/index.cgi?testid=6A3F09FB

Is this on a NAT?
Since you seem to have everything going to that poor single IP.
http://leafdns.com/index.cgi?testid=EA888DD3

Do you have port 80 & 443 open in your firewall & upstream?

I don't think it's going through a NAT since this is a VPS. created it only for testing CWP.

Title: Re: I am facing multiple problem with CWP and SSL
Post by: Starburst on December 23, 2023, 04:19:11 PM

I'm getting an 'DNS_PROBE_FINISHED_NXDOMAIN' now where before when I tried it I got the default CWP page, which was correct when I tried server.alphanode.in.

And alphanode.in and the IP associated to everything is giving 'ERR_CONNECTION_REFUSED'.

As when you enter the server FQDN or IP, you should get the default CWP page, unless you have changed it manually.

If you would like, send me a PM with the login info, and I can login and take a look at what's going on.
I can already see there is no SSL for the hostname.