SOLVED [CPANEL-22093] Cpanel::Exception::ACME warnings during Let's Encrypt AutoSSL check

jamezarmstrong

Registered
Jul 31, 2018
2
0
1
England
cPanel Access Level
Root Administrator
I have setup several accounts to run AutoSSL using the official lets encrypt plugin for WHM / CPanel

There is a select account i keep getting the following error on:

load_perl_module cannot load ‘Cpanel::Exception::ACME::Protocol’: Can’t locate Cpanel/Exception/ACME/Protocol.pm in @INC (you may need to install the Cpanel::Exception::ACME::Protocol module) (@INC contains: /usr/local/cpanel /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/cpanel_lib/x86_64-linux-64int /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/cpanel_lib /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0/x86_64-linux-64int /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0 /opt/cpanel/perl5/526/site_lib/x86_64-linux-64int /opt/cpanel/perl5/526/site_lib) at (eval 59) line 1. BEGIN failed–compilation aborted at (eval 59) line 1.

The domains A records are pointing to the server as the website is accessible.

The .well-known folder is accessible as I can access a test.txt file in there

Any help would be appreciated!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

Can you let us know the full output to /usr/local/cpanel/logs/error_log when attempting to run AutoSSL for this account?

Thank you.
 

Josh Lambert

Registered
Aug 5, 2018
2
0
1
Centreville, AL
cPanel Access Level
Root Administrator
I'm getting this same issue with LetsEncrypt. I tailed the error_log file recommended here, no errors regarding SSL to be found:

[[email protected] ~]# tail -f /usr/local/cpanel/logs/error_log
==> cpsrvd 11.72.0.10 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.72.0.10 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.72.0.10 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports


Did y'all ever figure out how to resolve this?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

Internal case CPANEL-22093 is now open to track reports of warning messages similar to the one below during AutoSSL checks when Let's Encrypt is enabled as the certificate provider:

load_perl_module cannot load 'Cpanel::Exception::ACME::Protocol': Can't locate Cpanel/Exception/ACME/Protocol.pm in @INC (you may need to install the Cpanel::Exception::ACME::Protocol module) (@INC contains: /usr/local/cpanel /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/cpanel_lib/x86_64-linux-64int /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/cpanel_lib /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0/x86_64-linux-64int /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0 /opt/cpanel/perl5/526/site_lib/x86_64-linux-64int /opt/cpanel/perl5/526/site_lib) at (eval 67) line 1. BEGIN failed--compilation aborted at (eval 67) line 1
I've linked this thread to the case, and will update this thread with more information as it becomes available. In the meantime, note this issue appears to only present itself in the form of a warning message and should not prevent systems from issuing a certificate.

Thank you.
 

Josh Lambert

Registered
Aug 5, 2018
2
0
1
Centreville, AL
cPanel Access Level
Root Administrator
"In the meantime, note this issue appears to only present itself in the form of a warning message and should not prevent systems from issuing a certificate."

That's incorrect. Warning aside, this sub-domain (along with one other) do not issue properly, though other ones on the same WHM instance have worked fine.

ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello Josh,

The warning message is likely suppressing the log output associated with the actual reason the certificate was not issued. Can you open a support ticket so we can take a closer look and see why that specific domain name was not issued a certificate? You can post the ticket number here and we will link this thread to it.

Thank you.
 

Bigwebmaster

Active Member
Dec 3, 2003
32
9
158
I hit this problem today as well, and got the same exact error message. I checked /usr/local/cpanel/logs/error_log and nothing gets logged there regarding this. To solve this problem:

Code:
Can't locate Cpanel/Exception/ACME/Protocol.pm
I had to copy the Protocol.pm file into one of the @INC locations. Doing:

Code:
locate Protocol.pm
I was able to determine that file was located here:

Code:
/var/cpanel/perl/Cpanel/Exception/ACME/Protocol.pm
That directory is not in PERLs @INC locations, so it never looks there. I then performed the following commands to get this file in an appropriate location:

Code:
cd /usr/local/cpanel/Cpanel/Exception
mkdir ACME
cd ACME
cp /var/cpanel/perl/Cpanel/Exception/ACME/Protocol.pm ./
Now when I run:

Code:
/usr/local/cpanel/bin/autossl_check --user someuser
It works again, and it actually outputs the real reason this started happening in the first place. For me the reason was that I was trying to solve some issues getting the certificate auto installed, and due to the fact I ran it too many times I was getting rate limited. Here was the real error that now appeared:

“Let’s Encrypt™” DCV error (domain.com): The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “Error creating new authz :: too many failed authorizations recently: see Rate Limits - Let's Encrypt - Free SSL/TLS Certificates (The request exceeds a rate limit)” (429, “Too Many Requests”, urn:acme:error:rateLimited).
So the solution for me, is to just wait. Hope this helps others with this same problem!
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

To update, this was solved as part of an update to the cpanel-plugins repo:

Code:
# rpm -q --changelog cpanel-letsencrypt-2.23-1.1.noarch|grep "custom exception"
- Ensure custom exception modules can be loaded
Thank you.