SSL RENEWAL ISSUE

aaP_alin_rzv

The SSL Renewal says "The expiration date is greater than 30 days, so there is no need for renewal!"

Even though it says 0 days untill expire, that means is the last day of the SSL , the website shows certificate expired , this means actually the last day the SSL is not valid within the browser.

aaPanel_Kern

aaP_alin_rzv
Hi,
SSL will not be updated automatically. You can try to update to the latest version 7.0.18, then close the SSL of the website, and then apply for SSL. After the records are normal, it will be automatically verified next time.

haris

aaPanel_Kern
had the same problem since previous few updates. now i follow your method and we'll see if the ssl will autorenew after 90 days. I got all my 3 domains ssl expired (was on 7.0.12), now i updated to 7.0.18, restart & fix panel, then disable all the existing ssl, then reapply new ssl for all 3 domains. so lets wait for another 60 days (since the cron should auto renew ssl 30 days before expiry)

but after updated to 7.0.18, in the cron i see a new entry added for the ssl renewal. should i remove the old one?
New cron entry:
Domain SSL Renew Let's Encrypt Certificate
/www/server/panel/pyenv/bin/python3 -u /www/server/panel/class/acme_v2.py --renew_v3=1

Existing old cron:
Renew Let's Encrypt Certificate
/www/server/panel/pyenv/bin/python -u /www/server/panel/class/acme_v2.py --renew=1

I tested the new cron after applied new ssl for the domains, but in the log just empty. Usually it will mention like no cert to be renewed etc..these are the log when execute manually.

★[2025-04-29 23:40:18] Successful

----------------------------------------------------------------------------
★[2025-04-29 23:44:10] Successful

aaPanel_Kern

haris
Hello,
No need to delete, please keep it

haris

aaPanel_Kern

what does this mean? i'm on version 7.0.18. all of the domains not auto renewed, 8 days left from expiry date. Did all of them were skipped?? why? when issue manually all ok. but when renews all skipped?

|-【1678f8e76603e22a0e6b68af63c23b08】Checking whether file verification is available.
|-【1678f8e76603e22a0e6b68af63c23b08】Trying to use file verification for renewal!
|-Renewing the 3 certificate，There are 8 certificates in total...
|-The root domain name【example.com】is not bound to the dns-api, Skip the domain name: sub.example.com!
|-【b90da6b424c5d493ddbbf0a5987ac4c3】None of the domain names are bound to the dns-api, so the DNS verification renewal cannot be used.

Do i need to setup these stuffs on the Domain menu for the SSL auto renewal to work?

aaPanel_Kern

Hello, you can try it. If you use DNS verification, you need to use API verification.

haris

aaPanel_Kern
i didnt use any dns-api verification for issuing LE ssl, just http validation. But the cron is using dns-api method. I think this is the main problem why all my ssl not renewing. how can i make the cron to use http validation like the older version 6+?
I think the new LE renewal cron were forced to use dns-api validation.

aaPanel_Kern

Hi, can you give us your aapanel information? The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
It is recommended to fill in the following
Post link:
SSH IP address, account password and port:
aapanel login link address and account password:
Detailed problem description:

No post link will not be able to know which user's information is, and the problem will not be processed

haris

mindzor

After Upgrade AAPanel Versions. when i try to update SSL, it said success, but i can't make it auto HTTPS ON. coz it said : Private key is not match with Certificate!

aaPanel_Kern

Hello, your operating system is Centos 7?
If so, please wait for us to fix compatible Centos 7

mindzor

monseg

aaPanel_Kern System: Debian GNU/Linux 12
and also a problem. TO shows success but nothing appears and there is no button to turn on ssl or just an empty message appears without text

aaPanel_Kern

Hello, please describe your problem in detail. Or provide screenshots

monseg

aaPanel_Kern Expired certificate when clicking on the Renewal button simply gives a system message without text

Okay, I deleted the certificate and disabled SSL and now status "Not Set"
I turned it back on and created a new certificate. I choose confirmation by file

I click on apply

/www/wwwroot/example_domain/.well-known/acme-challenge

A temporary verification file is created. A message appears that the certificate has been created successfully. But it does not appear in the panel and the same status is that the certificate is not installed.

It looks like the certificate is received according to the messages but is not applied

system DnsSSLManager Deploy [example_domain] SSL Failed! SSL Cert Not Found! 2025-05-22 09:32:29
system DnsSSLManager domain [example_domain] Apply SSL certificate Successfully! 2025-05-22 09:32:28
system DnsSSLManager Deploy [example_domain] SSL Failed! SSL Cert Not Found! 2025-05-22 09:32:03
system DnsSSLManager domain [example_domain] Apply SSL certificate Successfully! 2025-05-22 09:32:03
system DnsSSLManager Deploy [example_domain] SSL Failed! SSL Cert Not Found! 2025-05-22 09:26:40
system DnsSSLManager domain [example_domain] Apply SSL certificate Successfully! 2025-05-22 09:26:40
Mons Site manager Site [example_domain] turned off SSL successfully! 2025-05-22 09:26:22
Mons File manager Successfully created directory [ /www/wwwroot/example_domain/.well-known/acme-challenge ]! 2025-05-22 09:24:48
Mons File manager Successfully moved file [/www/wwwroot/example_domain/.well-known/acme-challenge] to recycle bin!

Run logs

[2025-05-22 09:26:40][DEBUG] - ---------save error Private key is not match with Certificate!
[2025-05-22 09:32:03][DEBUG] - Traceback (most recent call last):
File "/www/server/panel/class/acme_v2.py", line 1266, in save_cert
CertHandler().save_by_data(
File "/www/server/panel/class_v2/ssl_domainModelV2/service.py", line 1265, in save_by_data
YY5wEo94l9qfo5TPxQmUgntKkNFf3LL1HdzOArqT3Rzf4c9mP6YYFp+EIhOTQBqVjjicohwUi8ljN1zYEfhgYBncj+8MrBmydW1ah5fu2Iw=
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~_~~
ValueError: Private key is not match with Certificate!

[2025-05-22 09:32:03][DEBUG] - ---------save error Private key is not match with Certificate!
[2025-05-22 09:32:28][DEBUG] - Traceback (most recent call last):
File "/www/server/panel/class/acme_v2.py", line 1266, in save_cert
CertHandler().save_by_data(
File "/www/server/panel/class_v2/ssl_domainModelV2/service.py", line 1265, in save_by_data
YY5wEo94l9qfo5TPxQmUgntKkNFf3LL1HdzOArqT3Rzf4c9mP6YYFp+EIhOTQBqVjjicohwUi8ljN1zYEfhgYBncj+8MrBmydW1ah5fu2Iw=
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~_~~
ValueError: Private key is not match with Certificate!

[2025-05-22 09:32:28][DEBUG] - ---------save error Private key is not match with Certificate!

aaPanel_Kern

Hello, we have fixed this issue.

Please click on the "Fix" repair panel on the Home page.
Use the ssh tool command to fix it:
rm -f /tmp/update_to7.pl && curl -k https://node.aapanel.com/install/update_7.x_en.sh | bash

If this problem still exists
The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
It is recommended to fill in the following
Post link:
SSH IP address, account password and port:
aapanel login link address and account password:
Detailed problem description:

No post link will not be able to know which user's information is, and the problem will not be processed

monseg

aaPanel_Kern it only got worse, now it's as if the DNS records are mixed up, you open one domain and another one opens and the status of the certificates' expiration dates have also changed places, other domains stopped opening altogether

[2025-05-22 14:28:25][DEBUG] - Traceback (most recent call last):
File "/www/server/panel/BTPanel/init.py", line 2689, in publicObject
return run_exec().run(toObject, defs, get)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/BTPanel/init.py", line 2635, in run
result = getattr(toObject, get.action)(get)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/class_v2/ssl_domainModelV2/api.py", line 547, in list_ssl_info
Q(is_order=int(get.is_order)) & (Q(dnslike=get.search) | Q(subjectlike=get.search))
^^^^^^^^^^^^
File "/www/server/panel/class/public/common.py", line 4557, in getattr
raise AttributeError('\'{}\' object has no attribute \'{}\''.format(self.class.name, key))
AttributeError: 'dict_obj' object has no attribute 'is_order'

sites php
[2025-05-22 14:32:39][DEBUG] - Traceback (most recent call last):
File "/www/server/panel/BTPanel/init.py", line 2689, in publicObject
return run_exec().run(toObject, defs, get)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/BTPanel/init.py", line 2635, in run
result = getattr(toObject, get.action)(get)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/class_v2/ssl_domainModelV2/api.py", line 547, in list_ssl_info
Q(is_order=int(get.is_order)) & (Q(dnslike=get.search) | Q(subjectlike=get.search))
^^^^^^^^^^^^
File "/www/server/panel/class/public/common.py", line 4557, in getattr
raise AttributeError('\'{}\' object has no attribute \'{}\''.format(self.class.name, key))
AttributeError: 'dict_obj' object has no attribute 'is_order'

letter with data to the panel and SSH sent to kern@aapanel.com.
At the moment, all sites on the server have become unavailable ((

aaPanel_Kern

Hello,
You can check it out here first. Certificate holder cannot be viewed is a known issue

monseg

I was able to start it but manually and it’s not very reliable.
in config management manually added

listen 443 ssl;
and

#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^/.*$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/domain/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/domain/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END

Before this, I checked the presence of the certificate in these folders.

But the initial problem is that the configs break, certificates are sometimes created, sometimes not, and they are not registered in the configs if they exist. And the expiration date is still not displayed for me. As a result, everything works temporarily, but the panel says that the term has expired ))

What was especially difficult was that after the suggested fix, DNS Manager stopped working (port 53 conflict, but that was the case for me from the very beginning) when trying to do something, it was confusing that one domain did not work, and another began to open by default instead of the other.

General steps, deleted certificate, created new one, corrected config
I have never encountered this before

aaPanel_Kern

Hello,
Thanks for your feedback, we will optimize it

monseg