Can't create a new domain after the Update 1.7.43

kabay

Hi hope you are doing well, has an issue when creating a new domain name please can you help me.

[2026-02-17 15:32:07 +0000] [847] [ERROR] Error handling request /domains/new
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/gunicorn/workers/sync.py", line 134, in handle
self.handle_request(listener, req, client, addr)
File "/usr/local/lib/python3.12/site-packages/gunicorn/workers/sync.py", line 182, in handle_request
for item in respiter:
^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/werkzeug/wsgi.py", line 256, in next
return self._next()
^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/werkzeug/wrappers/response.py", line 32, in _iter_encoded
for item in iterable:
^^^^^^^^
File "<frozen 2083-x86.modules.domains>", line 402, in generate
File "/usr/local/lib/python3.12/site-packages/gunicorn/workers/base.py", line 204, in handle_abort
sys.exit(1)
SystemExit: 1

MixDelo

kabay not sure why 10sec timeout is reached in your case, how much cpu/ram does the machine have?

Anyways, limit is configurable in /etc/openpanel/openpanel/service/service.config.py file - edit these two:

timeout = 10
graceful_timeout = 10

for example increase them to 120, then restart docker restart openpanel

does that resolve the issue?

kabay

MixDelo , thanks for the response I tried to increase to 120 but the issue is still not working, when I check on openAdmin side the domain is marked as suspended and I can't unsuspend it.
bellow is were it stop working. I have 8 cores cpu / 32 GB or RAM.

Detected public suffix (TLD): .net Domain 'duplicati.***.net' is a subdomain of '****.net'. Checking if domain already exists on the server Checking domain against system domains list User **** already owns the apex domain ****.net - adding subdomain.. Adding duplicati.****.net to the domains database Creating document root directory /var/www/html/duptest

stefan

kabay delete command should still work, can you delete the domain?

Afterwards, try adding it from terminal again with

opencli -x domains-add <DOMAIN_NAME> <USERNAME> [--docroot DOCUMENT_ROOT]

Share the log if it gets stuck

kabay

stefan here is the logs

[REDACTED]

Thanks

stefan

kabay thanks!

Could you try running opencli update --cli and then retry?

It might be due to a very large directory or a disk I/O bottleneck. I added a timeout to the chown command, so hopefully it should work better now. Please update and test when you get a chance.

kabay

Thanks, I was able to create a new domain. I'm wondering if this is a normal behavior it doesn't create the SSL certificate anymore for new domain.

stefan

kabay there haven’t been any changes - SSL generation works the same as before:

Open the domain using https://
Run docker logs -f caddy to see Caddy attempting to issue the SSL certificate (if it fails, the logs should indicate why)
Wait for subsequent retry attempts - you can force it with docker restart caddy

stefan

I've added a logs option to the opencli domains-ssl command. It tails the docker logs -f caddy output and filters lines related to your domain that include certificate, renew, obtain, or challenge.

To update your CLI first, run:

opencli update --cli

Then, you can view SSL logs for a specific domain:

opencli domains-ssl <DOMAIN_NAME> logs

Example:

root@srv54:~# opencli domains-ssl pcelarstvopejcic.com logs

Showing SSL-related log lines for pcelarstvopejcic.com
-------------------------------------------------------
{"level":"warn","ts":1771498281.5536706,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [pcelarstvopejcic.com]: no OCSP server specified in certificate","identifiers":["pcelarstvopejcic.com"]}
{"level":"warn","ts":1771498461.5792735,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [pcelarstvopejcic.com]: no OCSP server specified in certificate","identifiers":["pcelarstvopejcic.com"]}
{"level":"warn","ts":1771498941.5835505,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [pcelarstvopejcic.com]: no OCSP server specified in certificate","identifiers":["pcelarstvopejcic.com"]}
{"level":"info","ts":1771499302.0901031,"logger":"tls.on_demand","msg":"updated ACME renewal information","identifiers":["pcelarstvopejcic.com"],"server_name":"pcelarstvopejcic.com","cert_hash":"4ff3c89d8a5904714756448b7c6d62c91dbeb0c3a40317af91d1f24f428c2bfe","ari_unique_id":"rkie3IcdRKBv2qLlYHQEeMKcAIA.BmHEsLgWFMdotAwbJBo-9L0V","cert_expiry":1774449902,"selected_time":1771888562,"next_update":1771521288.0863762,"explanation_url":""}
{"level":"info","ts":1771521442.1103876,"logger":"tls.on_demand","msg":"updated ACME renewal information","identifiers":["pcelarstvopejcic.com"],"server_name":"pcelarstvopejcic.com","cert_hash":"4ff3c89d8a5904714756448b7c6d62c91dbeb0c3a40317af91d1f24f428c2bfe","ari_unique_id":"rkie3IcdRKBv2qLlYHQEeMKcAIA.BmHEsLgWFMdotAwbJBo-9L0V","cert_expiry":1774449902,"selected_time":1771888562,"next_update":1771543028.1020808,"explanation_url":""}
{"level":"info","ts":1771543042.242771,"logger":"tls.on_demand","msg":"updated ACME renewal information","identifiers":["pcelarstvopejcic.com"],"server_name":"pcelarstvopejcic.com","cert_hash":"4ff3c89d8a5904714756448b7c6d62c91dbeb0c3a40317af91d1f24f428c2bfe","ari_unique_id":"rkie3IcdRKBv2qLlYHQEeMKcAIA.BmHEsLgWFMdotAwbJBo-9L0V","cert_expiry":1774449902,"selected_time":1771888562,"next_update":1771567529.2359803,"explanation_url":""}
{"level":"info","ts":1771567582.1398098,"logger":"tls.on_demand","msg":"updated ACME renewal information","identifiers":["pcelarstvopejcic.com"],"server_name":"pcelarstvopejcic.com","cert_hash":"4ff3c89d8a5904714756448b7c6d62c91dbeb0c3a40317af91d1f24f428c2bfe","ari_unique_id":"rkie3IcdRKBv2qLlYHQEeMKcAIA.BmHEsLgWFMdotAwbJBo-9L0V","cert_expiry":1774449902,"selected_time":1771888562,"next_update":1771590559.132008,"explanation_url":""}

You can also:

Show a specific number of log lines (e.g., 1000):

   opencli domains-ssl <DOMAIN_NAME> logs 1000

Tail logs live to see new entries in real-time:

   opencli domains-ssl <DOMAIN_NAME> logs -f

Hopefully this will help you determine why ssl is not generated for a domain

kabay

It worked! Thanks! I notice an issue when you create a new domain in the Caddy file the proxy is set with the server IP:[APACHE CONTAINER PORT] instead of the 127.0.0.1:[APACHE CONTAINER PORT], those port are usually block from public access and that make the domain name inaccessible. I don't know if it's intentional just want to let you know. Thanks again for your help!!!

stefan

kabay great!

Can you share the log (visible on OpenPanel UI) when adding a domain? This will tell why public IP Is used and not the default 127.0.0.1:

dedicated IP is set for user
server does not have the IP assigned (hostname -I does not shows it)
user is created on another remote server so we need to use the public IP instead

kabay

stefan stefan here is the log when creating a new domain name:
Detected public suffix (TLD): .us Domain 'backups.xxxx.us' is a subdomain of 'xxxx.us'. Checking if domain already exists on the server Checking domain against system domains list User xxxx already owns the apex domain xxxx.us - adding subdomain.. Adding backups.xxxx.us to the domains database Creating document root directory /var/www/html/backups.xxxx.us Checking webserver configuration Checking IPv4 address for the account IP address is asigned to a node (slave) server. Starting apache varnish containers.. Creating backups.xxxx.us.conf Creating Caddy configuration for the domain, without ModSecurity Enabling Varnish cache for the domain.. Caddy is running, validating new domain configuration Domain successfully added and Caddy reloaded. Adding records to existing DNS zone for apex domain: /etc/bind/zones/xxxx.us.zone DNS service is running, adding the zone Starting container for the PHP version 8.3 Domain backups.xxxx.us added successfully

stefan

kabay thank you!

based on:

IP address is asigned to a node (slave) server.

reason is:
https://github.com/stefanpejcic/opencli/blob/bc3f467f8ad561c9df065d8b73faa4e8b67a235d/domains/add.sh#L434

what is the output of docker context ls on your server? should have only local contexts with sockets, example:

root@demo:~# docker context ls
NAME        DESCRIPTION                               DOCKER ENDPOINT                            ERROR
default *   Current DOCKER_HOST based configuration   unix:///var/run/docker.sock                
demo        demo                                      unix:///hostfs/run/user/1002/docker.sock   
dummy       dummy                                     unix:///hostfs/run/user/1003/docker.sock   
xcm8d1ub    xcm8d1ub                                  unix:///hostfs/run/user/1001/docker.sock

unless user is created on slave server: https://dev.openpanel.com/cli/users.html#Create-user-on-Slave-server

kabay

stefan
docker context ls NAME DESCRIPTION DOCKER ENDPOINT ERROR default * Current DOCKER_HOST based configuration unix:///var/run/docker.sock test test unix:///hostfs/run/user/1002/docker.sock

stefan

kabay should be ok now, please update with opencli update -cli and retry

And thank you for reporting and sharing outputs!

kabay

Thanks, for the assistance, It's working fine now