How to Reissue SSL Certificates for a Domain in CyberPanel Using Both the Control Panel and SSH

SSL certificates play a crucial role in encrypting data transmitted between a website and its visitors while improving trust and security indicators displayed by web browsers. During server operation, SSL certificates may expire, fail to renew, become corrupted, or encounter issues due to DNS changes, server migrations, or configuration errors. In such situations, reissuing the SSL certificate is necessary to restore secure website access.

This guide explains several methods for reissuing SSL certificates in CyberPanel, including both graphical interface and SSH-based approaches.

When Should You Reissue an SSL Certificate?

You should consider reissuing your SSL certificate if you encounter any of the following situations:

• Your browser displays a “Connection is Not Secure” warning.
• The SSL certificate has expired or is close to expiration.
• CyberPanel fails to renew the certificate automatically.
• The website has recently been migrated to a new server.
• DNS records have been modified.
• SSL files have been accidentally deleted or corrupted.

Method 1: Remove the Existing SSL Certificate and Reissue It Through CyberPanel

This is the easiest and most common method for most users.

Step 1: Remove the Existing SSL Certificate

Connect to your server via SSH and execute the following commands:

rm -rf /etc/letsencrypt/live/domain.com
rm -rf /etc/letsencrypt/archive/domain.com
rm -rf /etc/letsencrypt/renewal/domain.com.conf

Restart OpenLiteSpeed:

systemctl restart lsws

Step 2: Reissue SSL from the CyberPanel Interface

Log in to CyberPanel and navigate to:

Websites → List Websites → Manage → Issue SSL

Or:

SSL → Manage SSL

CyberPanel will automatically connect to Let’s Encrypt and generate a new SSL certificate for your domain.

Method 2: Reissue SSL Using CyberPanel Command Line Utilities

If the CyberPanel interface is inaccessible or not functioning correctly, you can issue SSL certificates directly from SSH.

Run:

python3 /usr/local/CyberCP/plogical/sslUtilities.py -d domain.com

On some CyberPanel versions, the command may be:

python3 /usr/local/CyberCP/plogical/virtualHostUtilities.py issueSSL --domain domain.com

Verify that the certificate has been created successfully:

ls -la /etc/letsencrypt/live/domain.com/

If you see files such as cert.pem, fullchain.pem, and privkey.pem, the SSL certificate has been issued successfully.

Method 3: Issue SSL Certificates Using Certbot

Certbot is the official client recommended by Let’s Encrypt for certificate management.

Install Certbot

For Ubuntu:

apt update
apt install certbot -y

For AlmaLinux or Rocky Linux:

dnf install certbot -y

Issue an SSL Certificate

certbot certonly --webroot \
-w /home/domain.com/public_html \
-d domain.com \
-d www.domain.com

Once completed, the certificate files will be stored in:

/etc/letsencrypt/live/domain.com/

You can manually import these certificates into CyberPanel if necessary.

Method 4: Issue a Wildcard SSL Certificate

A Wildcard SSL certificate secures all subdomains under a domain.

Example:

*.domain.com

Run:

certbot certonly \
--manual \
--preferred-challenges dns \
-d "*.domain.com" \
-d domain.com

Certbot will request that you create a DNS TXT record:

_acme-challenge.domain.com

After the DNS record has propagated, Certbot will verify ownership and issue the Wildcard SSL certificate.

This method is particularly useful for websites with multiple subdomains such as:

• mail.domain.com
• blog.domain.com
• api.domain.com
• shop.domain.com

Method 5: Using acme.sh

Many server administrators prefer acme.sh because it is lightweight and highly reliable.

Install acme.sh

curl https://get.acme.sh | sh
source ~/.bashrc

Issue an SSL Certificate

acme.sh --issue \
-d domain.com \
-w /home/domain.com/public_html

Install the Certificate

acme.sh --install-cert -d domain.com \
--key-file /usr/local/lsws/conf/key.pem \
--fullchain-file /usr/local/lsws/conf/cert.pem

Restart OpenLiteSpeed:

systemctl restart lsws

Troubleshooting SSL Issuance Failures

If Let’s Encrypt fails to issue or renew a certificate, perform the following checks.

Verify DNS Records

Ensure that your domain resolves to the correct server IP address:

dig domain.com +short
dig www.domain.com +short

Verify Port 80 Accessibility

Let’s Encrypt must access your website via HTTP during the validation process.

ss -tulpn | grep :80

Or:

curl http://domain.com

Verify Firewall Configuration

Ensure that the following ports are open:

80/tcp
443/tcp

Check firewall settings using:

firewall-cmd --list-ports

Or:

ufw status

Check CyberPanel Logs

tail -f /usr/local/lscp/logs/error.log

Check Let’s Encrypt Logs

tail -f /var/log/letsencrypt/letsencrypt.log

CyberPanel and Error SSL

CyberPanel offers several ways to issue and renew SSL certificates, ranging from its built-in graphical interface to command-line tools. In most cases, removing the old certificate and using the “Issue SSL” function again is sufficient to resolve SSL-related issues.

For websites with multiple subdomains, Wildcard SSL certificates obtained through DNS validation provide a more flexible and scalable solution. Regularly monitoring DNS records, firewall settings, and system logs can help prevent SSL issues and ensure your website remains secure and accessible at all times.