Failed update of services SSL certificates.

Remus76

Member
Apr 12, 2016
17
2
53
Romania
cPanel Access Level
Root Administrator
Hi!
I manage a VPS. CentOS v7.9.2009, cPanel v100.0.5
Lately I receive error warnings after update retry of SSL Certificates of Exim, Dovecot and WHM.
I have 15 more days to solve the problem, or else I assume mail accounts will stop working.

The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 654.
There is no checkallsslcerts.pl file to check line 654. I searched entire installation of Centos.

I had also error message after command needs-restarting. There were countless lines like this.
http://138.118.173.126/cpanelsync/repos/CentOS/7/cpanel-plugins/x86_64/repodata/99b0ad5f230073f622ec9ed0c4629af674a01a6cf89967b987b69403cab97552-filelists.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found
Now this error is gone, but still can't update the SSL certificates.
Could it be caused by regular use of systemctl daemon-reexec? I try to avoid reboot.

Thank you!
 
Last edited:

andrew.n

Well-Known Member
Jun 9, 2020
766
275
63
EU
cPanel Access Level
Root Administrator
Can you run this command and see what error you get?

/usr/local/cpanel/bin/checkallsslcerts
 

Remus76

Member
Apr 12, 2016
17
2
53
Romania
cPanel Access Level
Root Administrator
Thank you for reply. I used it with --verbose. Same story for other two services.
The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The “cpanel” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “cpanel” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 654.
 

andrew.n

Well-Known Member
Jun 9, 2020
766
275
63
EU
cPanel Access Level
Root Administrator
As this doesn't provide enough information the best would be to Submit a Ticket at cPanel directly to investigate this further. Alternatively you can also hire a cPanel certified sys admin from Resources to look into this for you.

@cPanelAnthony
 
  • Like
Reactions: cPanelAnthony

Bayern

Member
Aug 24, 2017
6
1
1
Finland
cPanel Access Level
Root Administrator
Hi everyone!
Was this solved, I have exactly the same situation since the latest update:
I run a VPS with CentOS v7.9.2009, cPanel v100.0.5 and since the last update I receive error warnings after every update retry of SSL Certificates of FTP, Exim, Dovecot and WHM.
I also tried to find the file mentioned in the error report, but there is no checkallsslcerts.pl file to check line 654.
I ran /usr/local/cpanel/bin/checkallsslcerts as suggested by andrew.n and ended up having 100% similar message as Remus76.

Any help would be appreciated.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,002
98
103
Houston, TX
cPanel Access Level
Root Administrator
It looks like the issue in this ticket was due to a stale CSR file that had to be moved out of the way. It was fixed by moving the file out of the way and re-running AutoSSL.

Code:
[[email protected] ~]cPs# mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v
‘/var/cpanel/hostname_cert_csrs’ -> ‘/var/cpanel/hostname_cert_csrs.cpbkp’
However, this issue can be caused by a variety of problems. It would be best to open a ticket using the link in my signature if anyone is having issues. Otherwise, please reach out to your web hosting provider if you cannot open one with us directly.
 
  • Like
Reactions: SashoB

timmit

Registered
Dec 7, 2021
2
0
1
Netherlands
cPanel Access Level
Root Administrator
Ok the fix works but I think that we know possibly why the csrs is stale:

The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.

But maybe make something in the /usr/local/cpanel/bin/checkallsslcerts that removes stale csrs files...

And could it be that because the server is set on autossl => letsencrypt that the queue isn't correctly processed for the cpanel store part?
 

astroud

Registered
Dec 7, 2021
2
1
3
Washington State
cPanel Access Level
Root Administrator
However, this issue can be caused by a variety of problems. It would be best to open a ticket using the link in my signature if anyone is having issues. Otherwise, please reach out to your web hosting provider if you cannot open one with us directly.
We encountered this same issue over the weekend. I've got a ticket open as well. #94392338

Are the renewals now contingent on using a hostname with a domain name that you can manage?
Right now we have a couple of VPSes using subdomains that our hosting provider provided, example: vps1234.hosting.com

To the best of my–albeit relatively new–knowledge, this wasn't a problem in the past.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,002
98
103
Houston, TX
cPanel Access Level
Root Administrator
We encountered this same issue over the weekend. I've got a ticket open as well. #94392338

Are the renewals now contingent on using a hostname with a domain name that you can manage?
Right now we have a couple of VPSes using subdomains that our hosting provider provided, example: vps1234.hosting.com

To the best of my–albeit relatively new–knowledge, this wasn't a problem in the past.
Thank you for the update. I am looking into your question here and will get back to you.
 

coursevector

Well-Known Member
Feb 23, 2015
159
20
68
cPanel Access Level
Root Administrator
I just ran into this problem. Below is the timeline of things I did:

1. Tried running
Code:
# /usr/local/cpanel/bin/checkallsslcerts
which resulted in the error message:
Code:
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error:
The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 654.
2. Tried @cPanelAnthony fix, which DID remove the stale CSR

3. Tried running again:
Code:
# /usr/local/cpanel/bin/checkallsslcerts
which resulted in the error message:
Code:
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: 
(XID 649yf2) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request 
“POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.
How can I fix this?