I am not aware of specific cPanel store issues at this time. If the error happens again, can you open a support ticket immediately using the link in my signature and then update me with the ticket ID?
I really wish the cPanel devs did a better job of communicating what ports and IP's are necessary for various essential functions on servers that have to live in a more locked down state. We ran into a similar issue with WordPress Toolkit. Some parts of it just don't work correctly behind a restrictive firewall, and when we attempted to get some clarity on what we would need to whitelist we just kinda got a ¯\_(ツ)_/¯.
I agree, we generally have no need to keep some of the cpanel services ports open because we don't use them ever and they are a potential security risk. Even if there isn't a direct vulnerability, if they're publicly available, people with be bashing at them 24/7. I have one server that we use CSF/LFD on and leaving the cpanel or webmail or other ports open will result in literally tens of thousands of blocked IP's in a matter of hours. But, it's definitely not clear enough what ports are needed both in and out for basic functionality, seems common to run into processes that use a port that is unexpected or undocumented. Apparently some services either use their own ports or don't use the cpanel licensing or normal ones. I didn't bother to monitor the process when I was able to successfully run it. I'll probably do that next time just so I know what things are going out on and coming back in on.
We have a full list of firewall options here:
docs.cpanel.net
If you're seeing something that needs to be opened that *isn't* on that list, please let me know so I can do some testing on my end.
How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation
This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.
docs.cpanel.net
If you're seeing something that needs to be opened that *isn't* on that list, please let me know so I can do some testing on my end.
I cannot speak for others, but our problem was inbound/oubound IP's - some internal services talk to other resources out on the internet and if you have a host that requires controlled access to a certain IP range then those services just go dark or work haphazardly (as was our experience testing Wordpress Toolkit).We have a full list of firewall options here:
How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation
This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.
If you're seeing something that needs to be opened that *isn't* on that list, please let me know so I can do some testing on my end.
Here's what worked for me
- I added the server's domain as an account
- Installed a wildcard certificate using Let's Encrypt
- Assigned it to the cPanel/cPanel services under Manage Service SSL Certificates --> Browse Certificates --> Apache (then selected the wildcard *.serverdomain.com from step 2)
