Failed update of services SSL certificates.

cPanelAnthony

Administrator
Staff member
> I tried again this morning and the query went through. What was going on with the store?

I am not aware of specific cPanel store issues at this time. If the error happens again, can you open a support ticket immediately using the link in my signature and then update me with the ticket ID?
 

jestep

Well-Known Member
Having this same issue.

Does WHM/cPanel use a specific port for SSL issuance for the hostname interface? There's no problem with AutoSSL for domains, but we have this server behind a hardware firewall with very limited ports open.
 

jestep

Well-Known Member
Update, it was a firewall issue with us that gave this exact error. Not sure what ports are being used but apparently blocking some prevents the server from properly requesting a certificate for the hostname.
 

jhawkins003

Active Member
> Update, it was a firewall issue with us that gave this exact error. Not sure what ports are being used but apparently blocking some prevents the server from properly requesting a certificate for the hostname.

I really wish the cPanel devs did a better job of communicating what ports and IPs are necessary for various essential functions on servers that have to live in a more locked down state. We ran into a similar issue with WordPress Toolkit. Some parts of it just don't work correctly behind a restrictive firewall, and when we attempted to get some clarity on what we would need to whitelist we just kinda got a ¯\_(ツ)_/¯.
 

jestep

Well-Known Member
> I really wish the cPanel devs did a better job of communicating what ports and IPs are necessary for various essential functions on servers that have to live in a more locked down state. We ran into a similar issue with WordPress Toolkit. Some parts of it just don't work correctly behind a restrictive firewall, and when we attempted to get some clarity on what we would need to whitelist we just kinda got a ¯\_(ツ)_/¯.

I agree, we generally have no need to keep some of the cPanel services ports open because we don't use them ever and they are a potential security risk. Even if there isn't a direct vulnerability, if they're publicly available, people will be bashing at them 24/7. I have one server that we use CSF/LFD on and leaving the cPanel or webmail or other ports open will result in literally tens of thousands of blocked IPs in a matter of hours. But it's definitely not clear enough what ports are needed both in and out for basic functionality; it seems common to run into processes that use a port that is unexpected or undocumented. Apparently some services either use their own ports or don't use the cPanel licensing or normal ones. I didn't bother to monitor the process when I was able to successfully run it. I'll probably do that next time just so I know what things are going out on and coming back in on.
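
One way to do the monitoring mentioned in the post above, as an added example that is not part of the original thread or cPanel's own tooling: outbound TCP connections that stay in `SYN-SENT` are the ones an egress firewall is dropping, so grouping them by process shows which destinations and ports need an allow rule. The sample below is constructed `ss -Htnp` output; the process names and addresses are assumptions, not values from this thread.

```python
import re
from collections import defaultdict

# Constructed sample of `ss -Htnp` output (documentation address ranges,
# made-up process names). On a live server, capture the real output while
# the certificate request is running and pass it in instead.
SAMPLE_SS = """\
ESTAB    0 0 203.0.113.10:22      192.0.2.50:51234   users:(("sshd",pid=900,fd=4))
SYN-SENT 0 1 203.0.113.10:48212   198.51.100.7:443   users:(("certreq",pid=4121,fd=5))
SYN-SENT 0 1 203.0.113.10:48214   198.51.100.7:443   users:(("certreq",pid=4121,fd=6))
ESTAB    0 0 203.0.113.10:39110   198.51.100.20:80   users:(("updater",pid=4200,fd=3))
SYN-SENT 0 1 [2001:db8::10]:40000 [2001:db8::7]:8443 users:(("certreq",pid=4121,fd=7))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def split_hostport(addr):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def parse_ss(text):
    """Yield one dict per TCP socket line; skip lines that do not parse."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            peer_host, peer_port = split_hostport(fields[4])
        except ValueError:  # e.g. a '*' port on a listening socket
            continue
        m = PROC_RE.search(" ".join(fields[5:]))
        yield {
            "state": fields[0],
            "proc": m.group(1) if m else "?",  # '?' when not run as root
            "peer_host": peer_host,
            "peer_port": peer_port,
        }


def stalled_egress(text):
    """Map process name -> sorted unique (host, port) peers stuck in SYN-SENT."""
    stalled = defaultdict(set)
    for conn in parse_ss(text):
        if conn["state"] == "SYN-SENT":
            stalled[conn["proc"]].add((conn["peer_host"], conn["peer_port"]))
    return {proc: sorted(peers) for proc, peers in stalled.items()}


if __name__ == "__main__":
    for proc, peers in stalled_egress(SAMPLE_SS).items():
        print(proc, peers)
```

A single snapshot can catch a handshake that is merely in flight, so take several captures a second or two apart and treat only the peers that persist in `SYN-SENT` as blocked.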
 

cPRex

Jurassic Moderator
Staff member

jhawkins003

Active Member
> We have a full list of firewall options here:
>
> If you're seeing something that needs to be opened that *isn't* on that list, please let me know so I can do some testing on my end.

I cannot speak for others, but our problem was inbound/outbound IPs - some internal services talk to other resources out on the internet and if you have a host that requires controlled access to a certain IP range then those services just go dark or work haphazardly (as was our experience testing WordPress Toolkit).
 

chadreitsma

Registered
Here's what worked for me:
  1. I added the server's domain as an account
  2. Installed a wildcard certificate using Let's Encrypt
  3. Assigned it to the cPanel/cPanel services under Manage Service SSL Certificates --> Browse Certificates --> Apache (then selected the wildcard *.serverdomain.com from step 2)