Errors from cPanel Store API when requesting autossl certs

AM2015

Active Member
Jan 1, 2015
34
4
58
cPanel Access Level
Root Administrator
I am seeing this problem on some, but not all, users & domains. The problem has persisted for more than 24 hours. I don't think it could be a firewall issue as some of the domains have been issued the Comodo AutoSSL certificates. I will submit a support request as indicated above.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

Here's an update for anyone noticing the following error message when attempting to generate SSL certificates via the AutoSSL feature:

Code:
"ERROR AutoSSL failed to request an SSL certificate for “$example.com” because of an error: Cpanel::Exception::cPStoreError/(XID 2a5jjx) The cPanel Store returned an error (X::Item::ActivationFailure) in response to the request “POST ssl/certificate/free”: Generic exception"
This error message occurs when the cPanel Store is unable make a connection with Comodo. Specifically, this happens when Comodo is congested and unable to accept requests for new certificates. Comodo is currently aware of this problem, and has begun to implement changes to prevent this from happening. There's currently no specific time frame to offer on the completion of these changes, but I'll update this thread with more information as it becomes available.

The current resolution is to wait for the next automatic run of the "/usr/local/cpanel/bin/checkallsslcerts" script during the nightly upcp maintenance, or to try manually running the following command for an individual account:

Code:
/usr/local/cpanel/bin/autossl_check --user $username
The above command can sometimes take two or three attempts to work, depending on the level of congestion Comodo is experiencing.

We also have an internal case open (CS-941) that aims to provide a more descriptive error output when this happens.

Thank you.
 

linux4me2

Well-Known Member
Aug 21, 2015
259
78
78
USA
cPanel Access Level
Root Administrator
I got the same error on an account last night, and I ran the command:
Code:
/usr/local/cpanel/bin/autossl_check --user $username
three times (Comodo must love me) but all I got was the following output:
Code:
This system has AutoSSL set to use “cPanel (powered by Comodo)”.
Checking websites for “username” …
   The website “thedomain.com”, owned by “username”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
   The system will attempt to renew SSL certificates for the following websites:
     thedomain.com (thedomain.com www.thedomain.com mail.thedomain.com)
The system has completed the AutoSSL check for “username”.

The system has finished checking 1 user.
There was no SSL cert installed. I was about to give up, but I tried the command one more time, and got the following:
Code:
This system has AutoSSL set to use “cPanel (powered by Comodo)”.
Checking websites for “username” …
   All websites owned by “username” have valid SSL certificates.
The system has completed the AutoSSL check for “username”.

The system has finished checking 1 user.
I verified that the site does indeed have a valid SSL cert installed now, so it took me four attempts.

Although the command appears to do the same thing as WHM -> SSL/TLS -> Manage AutoSSL -> Manage Users -> check $username, it works much better to run it via the command line because it gives you immediate feedback and you don't have to wait for the next upcp to run.
 
Last edited by a moderator:
  • Like
Reactions: cPanelMichael

verdon

Well-Known Member
Nov 1, 2003
919
12
168
Northern Ontario, Canada
cPanel Access Level
Root Administrator
Although the command appears to do the same thing as WHM -> SSL/TLS -> Manage AutoSSL -> Manage Users -> check $username, it works much better to run it via the command line because it gives you immediate feedback and you don't have to wait for the next upcp to run.
If you are running it via WHM -> SSL/TLS -> Manage AutoSSL -> Manage Users -> check $username you can get pretty quick feedback in the log tab... click to refresh the log list and you should see your process right away, where you can review it. I think the '+' indicator beside it may mean that it has not completed yet.
 
  • Like
Reactions: cPanelMichael

linux4me2

Well-Known Member
Aug 21, 2015
259
78
78
USA
cPanel Access Level
Root Administrator
If you are running it via WHM -> SSL/TLS -> Manage AutoSSL -> Manage Users -> check $username you can get pretty quick feedback in the log tab... click to refresh the log list and you should see your process right away, where you can review it. I think the '+' indicator beside it may mean that it has not completed yet.
Even when run from the command line, entries appear to be added to the logs, which makes sense. Three of the four attempts I made are in the log. Two still have the "+" (processing), and the final one when the certificate was installed does not, so I suspect I could have accomplished the same thing by clicking "Check $username" over and over as you say.
 

kodyxgen

Active Member
Jul 9, 2013
27
2
53
cPanel Access Level
Root Administrator
Hello,
some updates please? i have the same problem on my and;
Code:
 3:58:16 AM ERROR AutoSSL failed to request an SSL certificate for “mydomain.com” because of an error: Cpanel::Exception::cPStoreError/(XID 53ghs3) The cPanel Store returned an error (X::Item::ActivationFailure) in response to the request “POST ssl/certificate/free”: Generic exception at /usr/local/cpanel/Cpanel/Exception/CORE.pm line 77. Cpanel::Exception::create("cPStoreError", HASH(0x4785170)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 231 Cpanel::cPStore::__ANON__(Cpanel::Exception::HTTP::Server=HASH(0x47857b8)) called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 103 Try::Tiny::try(CODE(0x4005a98), Try::Tiny::Catch=REF(0x4786590)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 239 Cpanel::cPStore::_request(Cpanel::cPStore::LicenseAuthn=HASH(0x4005840), "post", "ssl/certificate/free", "item_params", HASH(0x46dae98)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 178 Cpanel::cPStore::post(Cpanel::cPStore::LicenseAuthn=HASH(0x4005840), "ssl/certificate/free", "item_params", HASH(0x46dae98)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 169 Cpanel::SSL::Auto::Provider::cPanel::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80 eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71 Try::Tiny::try(CODE(0x4005888), Try::Tiny::Catch=REF(0x46da040)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 193 Cpanel::SSL::Auto::Provider::cPanel::renew_ssl_for_vhosts(Cpanel::SSL::Auto::Provider::cPanel=HASH(0x3c6c228), "camarada", "mydomain.com", ARRAY(0x1926b20)) called at bin/autossl_check.pl line 259 bin::autossl_check::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80 eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71 Try::Tiny::try(CODE(0x3f47a00), Try::Tiny::Catch=REF(0x3f47388)) called at bin/autossl_check.pl line 266 bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/PIDFile.pm line 101 Cpanel::PIDFile::do("Cpanel::PIDFile", "/var/cpanel/autossl_check.pid", CODE(0x3c6c618)) called at bin/autossl_check.pl line 287 bin::autossl_check::_run_maybe_captured("--user", "camarada") called at bin/autossl_check.pl line 109 bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/CaptureFH.pm line 50 Cpanel::CaptureFH::do_with_output_captured_to_path_if_non_tty("/usr/local/cpanel/logs/error_log", CODE(0x3c38ee8)) called at bin/autossl_check.pl line 110 bin::autossl_check::run("--user", "camarada") called at bin/autossl_check.pl line 78
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

To update, we're seeing few occurrences of this issue in the past couple of weeks now that most systems have updated to cPanel version 60 and the AutoSSL requests have decreased. In cPanel version 60.0.26 or newer, the AutoSSL error log will display the following message when this happens:

"The provider “cPanel (powered by Comodo)” cannot currently accept incoming requests. The system will try again later.”

The change is referenced under case CPANEL-9958 at cPanel 60 - Change Log:

Implemented case CPANEL-9958: Improve error reporting from cPanel Store for AutoSSL.

Thanks!
 
  • Like
Reactions: verdon