my main domain name to access panel ssl didnt auto-renew

aaP_erikator

I access panel like this: https://mydomainname.com:xxxx/xxxxx
Since somehow 90% of my websites autorenewed, but only 3 have not, one of them is my main domain
I had to disable SSL, then login via IP and Manually renew.
panel ver 7.15

1) why didnt it auto renew?
2) Is it one-time problem? If i manually renewed ssl, should i also update (copy paste) ssl certifcates to Email server aswell? Or will email server domain auto renew differently?

Here are cron logs. It has been skipping my domain name for 10 days already. Then there are 2 other domains, that didnt autorenew aswell:

|-A total of 1 certificates need to be renewed
|-Renew the visa certificate and start checking the environment
[]
|- Turning off http to https
|-Renewing certificate number of 1，domain: ['www.maindomain.com', 'maindomain.com']..
|-Creating order..
/www/server/panel/class/acme_v2.py:1523: DeprecationWarning: sign() is deprecated. Use the equivalent APIs in cryptography.
return OpenSSL.crypto.sign(pk, message.encode("utf8&quot😉, self._digest)
|-Getting verification information..
|-Verify the dir：/www/wwwroot/maindomain.com/.well-known/acme-challenge
|-Verification type: http-01
|-Verifying domain name..
|-1 Query verification results..
|-2 Query verification results..
|-3 Query verification results..
|-4 Query verification results..
|-Verification failed
error_result: xxxx.xxx.xxx: Fetching https://www.maindomain.com/.well-known/acme-challenge/Sxmi9fJg-ej9RcTroqzvq9vwSAWO3tx1YExbQ2lDZhI: Timeout during connect (likely firewall problem)
|-The connection timed out and the CA server was unable to access your website!
|-Turning on http to https

|-Skipping domain name: ['www.maindomain.com', 'maindomain.com'] this time, due to last renewal failure, we need to wait 24 hours before trying again
|-A total of 1 certificates need to be renewed
|-Renew the visa certificate and start checking the environment
[]
|- Turning off http to https
|-Renewing certificate number of 1，domain: ['www.yyyy.com', 'yyyy.com']..
|-Creating order..
/www/server/panel/class/acme_v2.py:1523: DeprecationWarning: sign() is deprecated. Use the equivalent APIs in cryptography.
return OpenSSL.crypto.sign(pk, message.encode("utf8&quot😉, self._digest)
|-Getting verification information..
|-Verify the dir：/www/wwwroot/yyyy.com/.well-known/acme-challenge
|-Verification type: http-01
|-Verification type: http-01
|-Verifying domain name..
|-1 Query verification results..
|-Verification succeeded!
|-1 Query verification results..
|-Verification succeeded!
|-Sending CSR..
/www/server/panel/class/acme_v2.py:1353: DeprecationWarning: X509Extension support in pyOpenSSL is deprecated. You should use the APIs in cryptography.
OpenSSL.crypto.X509Extension(
|-Downloading certificate..
|-Renewed successfully!!

Im thinking it might probably due to this in htaccess, that makes it unable to verify acme file:

RewriteCond %{HTTP_HOST} ^{domain.com

RewriteRule (.*) https://www.domain.com/$1 [R,L]

But this seems not to be true, because some of my other websites with same rule in htaccess got auto-renew correctly}

aaPanel_Kern

Hello,
The log indicates that the CA cannot connect to your website for verification. How did you verify manually? Is it verified using file or DNS?
Panel SSL, mail server currently does not automatically renew

aaP_erikator

aaPanel_Kern

It is verified using cron - checking files. Some of them failed, some were OK. Eventho they have same htaccess configuration.

I verified the failed ones manually. (turned off https in htaccess first).

So you are saying, that everytime, the certificate of domain name is renewed, i should copy paste certificate to mail server too?

aaPanel_Kern

Hello, where does https jump to? It is recommended that you try to configure .htacces to access the .well-known/acme-challenge/ directory locally
Need to be manually copied to the mail server

aaP_erikator