It should be listening on 80 by default. Maybe you have port 80 firewalled / access blocked in hosts.allow/hosts.deny (older OS) ?
What is your result when you execute this:
netstat -plan|grep cpsrvd|grep -v LISTENING
What exactly happens when you try to renew the cert? Keep in mind that the cPanel cert on DNSOnly boxes will only end up renewing if it's a couple days from expiry. You'll get a notice 30 days in advance (I think), but usually cannot renew the cert until a couple of days before expiry because cPanel won't process it before then.
It's CentOS v7.9.2009 with cPanel 110.0.5.
# netstat -plan|grep cpsrvd|grep -v LISTENING
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 1902/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 1902/cpsrvd (SSL) -
# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Setting up HTTP DCV (/usr/local/apache/htdocs/.well-known/pki-validation/AC850BAE49D76F2B956547863F5CCA88.txt) …
… complete.
Setting up DNS DCV for “[hostname redacted]” …
… complete.
Attempting DNS DCV preflight checks …
[hostname redacted]: DNS DCV preflight check failed; falling back to HTTP …
[hostname redacted]: Attempting HTTP DCV preflight check …
The system failed to fetch the DCV (Domain Control Validation) file at “http://[hostname redacted]/.well-known/pki-validation/AC850BAE49D76F2B956547863F5CCA88.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://[hostname redacted]/.well-known/pki-validation/AC850BAE49D76F2B956547863F5CCA88.txt” because of an error: Could not connect to '[hostname redacted]:80': Connection refused.
Undoing HTTP DCV setup …
… complete.
Undoing DNS DCV setup …
… complete.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: All HTTP and DNS DCV preflight checks failed!
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
/R
# netstat -plan|grep cpsrvd|grep -v LISTENING
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 1902/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 1902/cpsrvd (SSL) -
# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Setting up HTTP DCV (/usr/local/apache/htdocs/.well-known/pki-validation/AC850BAE49D76F2B956547863F5CCA88.txt) …
… complete.
Setting up DNS DCV for “[hostname redacted]” …
… complete.
Attempting DNS DCV preflight checks …
[hostname redacted]: DNS DCV preflight check failed; falling back to HTTP …
[hostname redacted]: Attempting HTTP DCV preflight check …
The system failed to fetch the DCV (Domain Control Validation) file at “http://[hostname redacted]/.well-known/pki-validation/AC850BAE49D76F2B956547863F5CCA88.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://[hostname redacted]/.well-known/pki-validation/AC850BAE49D76F2B956547863F5CCA88.txt” because of an error: Could not connect to '[hostname redacted]:80': Connection refused.
Undoing HTTP DCV setup …
… complete.
Undoing DNS DCV setup …
… complete.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: All HTTP and DNS DCV preflight checks failed!
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
/R
If you restart cpsrvd, does that get the service to listen on port 80? If not, it might be best to create a ticket so we can take a look at the system.
# /usr/local/cpanel/scripts/restartsrv_cpsrvd
Waiting for “cpsrvd” to restart gracefully …………waiting for “cpsrvd” to initialize ………finished.
Service Status
cpanel (/usr/local/cpanel/cpsrvd --llu=1683705675 --listen=10,11,12,7,8,9 --start --systemd) is running as root with PID 1910 (systemd+/proc check method).
Startup Log
May 10 08:17:45 reggie systemd[1]: Starting cPanel services...
May 10 08:17:53 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd 11.110.0.5 started
May 10 08:17:53 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd: loading security policy....Done
May 10 08:17:53 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd: Setting up SSL support ... Done
May 10 08:17:53 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd: setting up serviceauth
May 10 08:17:54 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd: bound to ports
May 10 08:17:54 reggie systemd[1]: Started cPanel services.
May 10 08:17:56 reggie restartsrv_cpsrvd[1910]: License is valid and has already updated recently.
cpsrvd restarted successfully.
# netstat -plan|grep cpsrvd|grep -v LISTENING
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 1910/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 1910/cpsrvd (SSL) -
Similar result on its sibling.
/R
Waiting for “cpsrvd” to restart gracefully …………waiting for “cpsrvd” to initialize ………finished.
Service Status
cpanel (/usr/local/cpanel/cpsrvd --llu=1683705675 --listen=10,11,12,7,8,9 --start --systemd) is running as root with PID 1910 (systemd+/proc check method).
Startup Log
May 10 08:17:45 reggie systemd[1]: Starting cPanel services...
May 10 08:17:53 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd 11.110.0.5 started
May 10 08:17:53 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd: loading security policy....Done
May 10 08:17:53 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd: Setting up SSL support ... Done
May 10 08:17:53 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd: setting up serviceauth
May 10 08:17:54 reggie restartsrv_cpsrvd[1910]: ==> cpsrvd: bound to ports
May 10 08:17:54 reggie systemd[1]: Started cPanel services.
May 10 08:17:56 reggie restartsrv_cpsrvd[1910]: License is valid and has already updated recently.
cpsrvd restarted successfully.
# netstat -plan|grep cpsrvd|grep -v LISTENING
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 1910/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 1910/cpsrvd (SSL) -
Similar result on its sibling.
/R
At this point it would be best to create a ticket with our team, since this is one of those things that should just work out of the box.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| M | cpsrvd down | Operating Systems | 14 | |
| M | In Progress [CPANEL-27140] - cpsrvd zombie process | Operating Systems | 1 | |
| A | Internal server error 500 cpsrvd error | Operating Systems | 1 | |
| S | cpsrvd error log: Possible denial of service? | Operating Systems | 2 | |
| P | SOLVED How do I stop cpsrvd from listening on port 80? | Operating Systems | 2 |