In Progress AutoSSL renewal problem

Mr.Novo

Active Member
Apr 9, 2017
26
3
3
Istanbul
cPanel Access Level
Root Administrator
I'm having problems since yesterday on one of my servers for SSL renewals. Is there something wrong or is it me ?

I've checked cPanel Store - Cart and verified that server can connect yet SSL logs throws a warning

Code:
12:13:08 PM WARN (XID sv523x) The response to the HTTP (Hypertext Transfer Protocol) “GET” request from “https://store.cpanel.net/json-api/ssl/certificate/free/orderid” indicated an error (500, Internal Server Error):
And after this warning:
Code:
 12:15:01 PM Polling for “user”’s new certificate for “domain” (order item ID “orderid”) …
12:15:05 PM The certificate is not available. (processing)
 
Last edited by a moderator:

Look

Registered
Jan 23, 2022
3
1
3
SG
cPanel Access Level
Website Owner
i've been having same errors since 11hours ago.

running this command
/usr/local/cpanel/bin/autossl_check --user $username

gives
---
The provider “cPanel (powered by Sectigo)”’s AutoSSL queue already contains a certificate request for “username”’s website “example.com”. The request’s start time is Jan 23, 2022, 4:35:01 PM UTC.
 

Mr.Novo

Active Member
Apr 9, 2017
26
3
3
Istanbul
cPanel Access Level
Root Administrator
I've different servers. Some of them works some of them not. I don't understand.

There was an emergency on my end so i bought an external certificate and fixed my problem. Today I checked again if subdomain SSLs are generated automaticly and they were.
 

matt1206

Well-Known Member
Dec 20, 2011
48
2
58
cPanel Access Level
Root Administrator
Seeing the same. Multiple servers, no common point with regards to server providers.

Manually running the autossl check now has renewed 3 domains on one server that expired this morning. These have previously been renewing automatically for the last 2 years since the server was installed.
 

matt1206

Well-Known Member
Dec 20, 2011
48
2
58
cPanel Access Level
Root Administrator
Example logs:

3:28:14 AM Processing “attbot”’s local DCV results …
3:28:14 AM Analyzing “attbot.org”’s DCV results …
3:28:14 AM AutoSSL will request a new certificate.
3:28:14 AM The system will attempt to renew the SSL certificate for (attbot.org: attbot.org www.attbot.org mail.attbot.org).
3:28:17 AM The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later.
The system has completed “attbot”’s AutoSSL check.
3:28:17 AM Processing “lahjalstuttu”’s local DCV results …
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
9,904
1,545
313
cPanel Access Level
Root Administrator
Been seeing more and more of this error line lately, seems like Sectigo cannot keep up or is facing a lot of sporadic down time.
That's exactly correct - Sectigo is experiencing some issues at the moment and those have also been mentioned in this thread:


I'm waiting to hear back from them and I'll post an update once I do.
 
  • Like
Reactions: bellwood

matt1206

Well-Known Member
Dec 20, 2011
48
2
58
cPanel Access Level
Root Administrator
Any update? This is pretty poor TBH, as it's causing outages for multiple sites as their SSL certs are expiring due to them not issuing new certificates.
 

matt1206

Well-Known Member
Dec 20, 2011
48
2
58
cPanel Access Level
Root Administrator
I've faced similar problem with another server today. It took about 30 minutes to issue SSL but it seems working now. What i did to fix it ? Nothing.
I've tried manually renewing expired certificates, and I get the same response each time about them not accepting requests currently. I've had to swap over to LetsEncrypt as some of the sites have been down for 24 hours now with expired certificates.
 

matt1206

Well-Known Member
Dec 20, 2011
48
2
58
cPanel Access Level
Root Administrator
It's also at the point where my hostname certificate is going to expire tomorrow on one of the servers, and that's not being processed either:

Code:
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID xm95xd) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.
 

cEMa

Member
Mar 15, 2016
10
5
53
TN
cPanel Access Level
DataCenter Provider
Figured I'd share my experience in hope it helps others.. On a server with around 600 domains, I was quite affected by the recent certificate issue.

I was able to bypass the issue and get valid certs for the affected domains by switching to Let's Encrypt. (must be done as root)
  1. Log in to the server as the root user.
  2. Run the following command: /usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider
  3. Log in to WHM and navigate to the Manage AutoSSL interface (WHM >> Home >> SSL/TLS >> Manage AutoSSL).
  4. In the Providers tab, select the Let’s Encrypt™ option. The interface will display the Terms of Service section.
  5. Review Let’s Encrypt’s terms of service. If you agree, select the I agree to these terms of service option.
  6. Click Save.
Ref: The Let's Encrypt Plugin | cPanel & WHM Documentation
 

cEMa

Member
Mar 15, 2016
10
5
53
TN
cPanel Access Level
DataCenter Provider
Been seeing more and more of this error line lately, seems like Sectigo cannot keep up or is facing a lot of sporadic down time.
I share the same sentiment and concerns. I'm contemplating staying with Let's Encrypt due to all the issues I've been having using the default provider.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
9,904
1,545
313
cPanel Access Level
Root Administrator
There's nothing wrong with staying with Let's Encrypt permanently. For most users they won't notice an issue, although Let's Encrypt does have slightly lower limits that can cause issues for users that have a large number of domains or vhosts. More details on that can be found here:

 

internetfab

Well-Known Member
PartnerNOC
Feb 20, 2003
337
1
168
Gothenburg, Sweden
cPanel Access Level
DataCenter Provider
@cPRex : Would it be possible to add an AutoSSL provider as a backup provider if a run fails due to rate limit issues? Perhaps a feature request that can be handled rather quickly? :)

Right now we can switch autossl provider with whmapi1, run for one user and then switch back again but having it done automatically would be a nice feature.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
9,904
1,545
313
cPanel Access Level
Root Administrator
@internetfab - there was a request submitted just this week for that behavior:


I've added my vote to that just now and I'm letting our team know about it as well.
 
  • Like
Reactions: internetfab

internetfab

Well-Known Member
PartnerNOC
Feb 20, 2003
337
1
168
Gothenburg, Sweden
cPanel Access Level
DataCenter Provider
@internetfab - there was a request submitted just this week for that behavior:


I've added my vote to that just now and I'm letting our team know about it as well.
Cheers - added my vote to it as well :)

I might have a workaround for us atm, because we were using another script for LE before AutoSSL was in the picture and they have a way to let it run in a fashion like autossl, so I might let them compete.
 
  • Like
Reactions: cPRex