SOLVED Failing to acquire SSL on DNSONLY server

[Noxwaste]

Not sure if this is the right forum, but I currently have two DNSONLY servers setup for my nameservers: ns1.domain.com and ns2.domain.com. The NS1 DNSONLY server acquired an SSL certificate without any issues. However on the NS2 server, since I set it up about a month ago, it has failed to get an SSL every night and I get an e-mail every night with the following info:

The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 653.

Can someone point me in the right direction of which log files you might need, as well as how to go about getting this resolved? From what I can tell, the server is setup fine as I followed all of the exact same instructions for NS2 as I did for NS1.

Thanks!

 

[Maxin John]

HI,
1) make sure the A record/cnames are correctly pointed to the server
2) make sure the hostname is correct ( fully qualified domain name )
3) then try to install ssl using following command

  /usr/local/cpanel/bin/checkallsslcerts

 

[cPRex]

If you get any additional errors from the checkallsslcerts command that @Maxin John posted, that may also be helpful, as that particular error from the email notification doesn't give us much information to work with.

 

[Noxwaste]

I went through and checked everything. Here is the info:

1. All DNS entries are correct and present. I checked inside of WHM's DNS Zone Manager and both ns1.domain.com and ns2.domain.com match exactly, except for the IP addresses, which both have different public IP addresses.

2. The hostname looks like this:

[root@ns2 ~]# hostnamectl
Static hostname: ns2.domain.com
Icon name: computer-vm
Chassis: vm
Machine ID: 0217712f4e6c47908a53ba7609105463
Boot ID: 4ffc906d9e8b4b36a0423927c1060012
Virtualization: qemu
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-1160.59.1.el7.x86_64
Architecture: x86-64
[root@ns2 ~]# hostname
ns2.domain.com

3. And the output from your command gives me this:

[root@ns2 ~]# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 653.

The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.

 

[Noxwaste]

Waaaaiiiiittttttt I think I got it figured out. I did a Google search for the error and found this thread and response:

Failed update of services SSL certificates.

Hi! I manage a VPS. CentOS v7.9.2009, cPanel v100.0.5 Lately I receive error warnings after update retry of SSL Certificates of Exim, Dovecot and WHM. I have 15 more days to solve the problem, or else I assume mail accounts will stop working. The system failed to acquire a signed certificate...

forums.cpanel.net

Figuring it couldn't mess anything up anymore, I went ahead and ran the command:

mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v ‘/var/cpanel/hostname_cert_csrs’ -> ‘/var/cpanel/hostname_cert_csrs.cpbkp’

Once that renamed the hostname_cert_csrs directory, I ran the following command:

/usr/local/cpanel/bin/checkallsslcerts --verbose

Everything went through just fine, and it looks as if my ns2 server now has the signed certificate. Thanks for sort of leading me in the right direction!