CPanel error being sent regularly " doesn’t match non-SSL vhost IP"

Operating System & Version
CENTOS 7.7 xen hvm
cPanel & WHM Version
86.0 (build 17)

ChampionHandle

Registered
Jul 31, 2020
3
2
3
Boston
cPanel Access Level
Website Owner
Hi,

Hope everyone is well. We're trying to keep up maintenance on our certs and we're getting this error daily. Not sure why. Hoping you all could lend a hand. Thank you!

/usr/local/cpanel/bin/process_ssl_pending_queue encountered an error: The system retrieved the <abbr title="Secure Sockets Layer">SSL</abbr> certificate for "example.com", but failed to install it because of an error: The certificate could not be installed on the domain "example.com". Given “ip” (42.10.10.5 our cpanel ip) doesn’t match non-SSL vhost IP (10.7.7.7).. The system will attempt to fetch the certificate and to install it again. at /usr/local/cpanel/Cpanel/SSL/PendingQueue/Run.pm line 181.
 

andrew.n

Well-Known Member
Jun 9, 2020
136
29
28
EU
cPanel Access Level
Root Administrator
I suspect that 1:1 NAT is enabled on the server and that is causing the issues. If the server is not on a local network using NAT then make sure this is disabled:

you can do so by checking /var/cpanel/cpnat file. If it exist its enabled.
 

cPanelLauren

Technical Support Community Manager
Staff member
Nov 14, 2017
12,366
1,126
313
Houston
You shouldn't set up NAT routing on a production server, no but if it's already configured but the NAT routing isn't being recognized you can run 1:1 NAT | cPanel & WHM Documentation though if there is an issue with the configuration this script will not help.