SOLVED [CPANEL-29596] Let's Encrypt - 400 Bad Request

cPanelMichael

Administrator
Staff member
Hello Everyone,

Following the Let's Encrypt CDN update (New CDN for the Production API), we have received a number of reports regarding 400 Bad Request errors (visible in WHM >> Home >> SSL/TLS >> Manage AutoSSL) on cPanel & WHM servers using the Let's Encrypt plugin. This is blocking the successful installation of new SSL certificates on affected systems. We are currently tracking these reports as part of internal case CPANEL-29596.

To ensure SSL certificates continue to issue successfully, the temporary workaround is to switch from Let's Encrypt to cPanel (Powered by Sectigo) via the "Providers" tab in WHM >> Manage AutoSSL.

We'll update this thread with more information as it becomes available.

Thank you.
 

cPanelNick

Administrator
Staff member
cPanel Access Level
DataCenter Provider
We have identified the incompatibility with Let's Encrypt's new CDN and we are working on publishing an update to resolve the issue.
 

cPanelNick

Administrator
Staff member
cPanel Access Level
DataCenter Provider
We have published cpanel-letsencrypt-2.26 which resolves the incompatibility with Let's Encrypt's new CDN.

The update should be automatically installed tonight. Do force an update right away and enter the following commands on the command line (How to Access the Command Line - cPanel Knowledge Base - cPanel Documentation):

Code:
yum clean all
yum update cpanel-letsencrypt
 

ciao70

Well-Known Member
Hello,

This morning the certificate on our server was not renewed due to this error.
Code:
5:34:46 PM WARN “Let’s Encrypt™” DCV error (................): The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “<html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx</center> </body> </html> ” (400, “Bad Request”, ).

WARN “Let’s Encrypt™” DCV error (................): Cpanel::Exception::ACME::Protocol/(XID .....) The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “<html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx</center> </body> </html> ” (400, “Bad Request”, ).
The Apache server


How can we solve this problem?

I found this report on the Let's Encrypt support forum.


Thanks
 

ciao70

Well-Known Member
This problem was born after the CDN change of Let’s Encrypt.

 

hjolli

Registered
cPanel Access Level
Root Administrator
That explains a lot, been struggling with certificates for 3 hours now. Started from scratch several times. Have now installed self-signed. Errors I get are very similar (replaced the site with "website" in the error log below):

Any solution in sight?
Code:
 6:01:29 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
 Checking websites for “u1900902a” …
 6:01:29 PM Analyzing “website" …
 6:01:29 PM User-excluded domains: 4 (mail.website webmail.website.hi.is, cpanel.website.hi.is, webdisk.website.hi.is)
 ERROR TLS Status: Defective
 Certificate expiry: 9/23/20, 5:29 PM UTC (364.98 days from now)
 ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
 6:01:29 PM Performing DCV (Domain Control Validation) …
 6:01:29 PM Redirection #1 (website): http://website/.well-known/acme-challenge/AQAX1116H6NKJQAC3XHSIV3NORQIZYT- → https://website/.well-known/acme-challenge/AQAX1116H6NKJQAC3XHSIV3NORQIZYT-
 Local HTTP DCV OK: website
 Redirection #1 (www.website): http://www.website/.well-known/acme-challenge/QZGVU4TJ97AGYX0A8V_9K4G7IPQJ3-SB → https://www.website/.well-known/acme-challenge/QZGVU4TJ97AGYX0A8V_9K4G7IPQJ3-SB
 Local HTTP DCV OK: www.website
 6:01:29 PM Analyzing “website”’s DCV results …
 6:01:29 PM No CAA record added because there is no CAA record from another provider in the DNS for website.
 6:01:32 PM WARN “Let’s Encrypt™” DCV error (website): The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “<html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx</center> </body> </html> ” (400, “Bad Request”, ).
 WARN “Let’s Encrypt™” DCV error (website): Cpanel::Exception::ACME::Protocol/(XID y9repz) The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “<html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx</center> </body> </html> ” (400, “Bad Request”, ).
 WARN “Let’s Encrypt™” DCV error (www.website): The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “<html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx</center> </body> </html> ” (400, “Bad Request”, ).
 WARN “Let’s Encrypt™” DCV error (www.website): Cpanel::Exception::ACME::Protocol/(XID bvg26z) The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “<html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx</center> </body> </html> ” (400, “Bad Request”, ).
 ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
 6:01:32 PM The system has completed the AutoSSL check for “u1900902a”.
 

hjolli

Registered
cPanel Access Level
Root Administrator
Thank you very very much and the solution was the obvious one. Worked like a charm.

What I had already done was to install a wildcard certificate from GlobalSign (which, though, does not work for www in front of the domain name; that's why I wanted Let's Encrypt).

What I had to do was:

1. yum clean all
2. yum update cpanel-letsencrypt
3. remove the GlobalSign certificate
4. run AutoSSL again

Thanks again for a super quick reply.
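
A triage helper for the failure discussed in this thread, added here as an example (it is not cPanel's code and not from any poster): it pulls the DCV errors out of an AutoSSL log, separates HTML error pages like the nginx 400 quoted above from JSON ACME error documents, and checks whether an installed package string is at least the fixed 2.26 build. The function names, the sample log and the `rpm -q` output format are assumptions made for the example.

```python
import re

FIXED = (2, 26)  # cpanel-letsencrypt-2.26, the fixed build named in this thread
DCV_ERROR = re.compile(
    r"DCV error \((?P<domain>[^)]*)\): .*?The ACME function “(?P<url>[^”]+)” "
    r"indicated an error: “(?P<body>.*)” \((?P<status>\d{3}),"
)
# Constructed sample modelled on the log lines quoted in this thread; the
# domains, the XID and the JSON error line are invented for the example.
SAMPLE_LOG = """\
6:01:32 PM WARN “Let’s Encrypt™” DCV error (example.test): The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “<html> <head><title>400 Bad Request</title></head> <body> <hr><center>nginx</center> </body> </html> ” (400, “Bad Request”, ).
WARN “Let’s Encrypt™” DCV error (example.test): Cpanel::Exception::ACME::Protocol/(XID aaaaaa) The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “<html> <head><title>400 Bad Request</title></head> </html> ” (400, “Bad Request”, ).
WARN “Let’s Encrypt™” DCV error (www.example.test): The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-authz” indicated an error: “{"type": "urn:acme:error:rateLimited", "detail": "constructed"}” (429, “Too Many Requests”, ).
ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
"""

def classify(body):
    """Heuristic: an HTML body came from a web front end, a JSON body from ACME."""
    text = body.strip().lower()
    if text.startswith(("<html", "<!doctype")):
        return "front-end"
    if text.startswith("{"):
        return "acme"
    return "unknown"

def triage(log_text):
    """Map each failing domain to the set of (status, origin) pairs logged for it."""
    findings = {}
    for line in log_text.splitlines():
        m = DCV_ERROR.search(line)
        if m:
            key = (int(m["status"]), classify(m["body"]))
            findings.setdefault(m["domain"], set()).add(key)
    return findings

def affected_by_cdn_change(log_text):
    """Domains whose ACME call got an HTML 400, the signature reported here."""
    return sorted(d for d, seen in triage(log_text).items()
                  if (400, "front-end") in seen)

def has_fix(rpm_query_output):
    """True if text such as `rpm -q cpanel-letsencrypt` prints names 2.26 or later."""
    m = re.search(r"cpanel-letsencrypt-(\d+(?:\.\d+)*)", rpm_query_output)
    return bool(m) and tuple(int(p) for p in m[1].split(".")) >= FIXED
```

Each failure is logged twice (once plain, once with the `Cpanel::Exception` prefix), which is why results are collected per domain as a set.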