SOLVED None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.

Lee Wickham

Member
Mar 24, 2017
7
2
3
United Kingdom
cPanel Access Level
Root Administrator
Hey guys,
my Free cpanel issued hostname cert for my server "svr1.example.co.uk" has expired and im having issues Re-Generating it, I have followed the steps to Generate the self signed SSL's via
  • Home » Service Configuration » Manage Service SSL Certificates
Using the "Reset Certificate" for each service.

however when i then go and run "/usr/local/cpanel/bin/checkallsslcerts" It reports that none of the certificates were valid for any of the services

Console Log:
Code:
[[email protected] ~]
# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store; requesting new certificate …
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID cnmmb9) The system queried for a
temporary file at “http://svr1.example.co.uk/.well-known/pki-validation/3B8C460FD7B17B55E03AEAF2135A90BB.txt”, but the web server responded with th
e following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
Not sure where to go next from here, any help with this would be most appreciated.

Cheers.

Lee.
 
Last edited by a moderator:

Lee Wickham

Member
Mar 24, 2017
7
2
3
United Kingdom
cPanel Access Level
Root Administrator
The 404 there is due to svr1.example.co.uk being the server hostname, thus no site present.

That error is not really the one im worried about, its the "
None of the certificates in the system ssl storage were acceptable to use for the "cpanel service name here"

are what's got me worried.
 

dalem

Well-Known Member
PartnerNOC
Oct 24, 2003
2,981
156
368
SLC
cPanel Access Level
DataCenter Provider
your hostname does have site its located here
/var/www/html

your issue is (you need to correct the permission errors)


Forbidden

You don't have permission to access /.well-known/pki-validation/ on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
 

Lee Wickham

Member
Mar 24, 2017
7
2
3
United Kingdom
cPanel Access Level
Root Administrator
Ok i see the issue here.

the primary hostname is "svr1.example.co.uk" Home dir "/var/www/html/"
and i am hosting the domain "example.co.uk" Home dir "/home/example/public_html/"

when i run the checkcerts command its generating the required file e.g "0A6309864491C3CF679CF13B4E6529E1.txt"
in "/var/www/html/

However the next step check for it over http in "/home/example/public_html/"

And ofc it's not there so that particular part fails.

Any suggestions?

Again thanks for the assistance!
 

Lee Wickham

Member
Mar 24, 2017
7
2
3
United Kingdom
cPanel Access Level
Root Administrator
Final Update:

Happy to report this issue has now been resolved

The Fix:
One of the support team noticed the server's hostname was not pointing to the servers primary IP and upon updating that I was able to successfully re-new the service certificates.

Just want to say a big thanks to every one here on the forum and the cPanel support team for assisting with this issue, it's greatly appreciated!


Lee.
 
  • Like
Reactions: Infopro

DolceHogarMX

Registered
Oct 18, 2018
1
0
1
mexico
cPanel Access Level
Website Owner
Hello I had the same issue I couldn't re-new the ssl. I got error the connection is not private I select ok and then I got the 404 error. I'm not sure if I accidentally erased something when I deleted the ssl key and certificate from Cpanel since it was giving me problems.
By the way my site is [removed]
If you could kindly guide me I would really appreciate it.
Not letting me even login to my admin account in WordPress
 
Last edited by a moderator:

Topotyn

Member
Sep 19, 2019
6
1
1
Ukraine
cPanel Access Level
Root Administrator
Hello!

I have the same problem and I don't understand why it was occurred. I use "Let’s Encrypt™" for all my sites and it works fine. But for my services (Calendar, cPanel, WebDisk, Webmail, and WHM Services, etc) it doesn't work. I tried to do recommendation from this site, but it doesn't work. Who can advise me where I can view verbose log file? Or suggest where the problem is?

[[email protected]_server ~]# /usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,092
780
313
cPanel Access Level
Root Administrator
It looks like the hostname certificate is being processed by Sectigo at this time. If you'd like to submit a ticket to our team with your server's details we can check that on our side and see what is causing that to take longer than normal.
 

Topotyn

Member
Sep 19, 2019
6
1
1
Ukraine
cPanel Access Level
Root Administrator
It looks like the hostname certificate is being processed by Sectigo at this time. If you'd like to submit a ticket to our team with your server's details we can check that on our side and see what is causing that to take longer than normal.
Hello!
Yes! I want to submit a ticket :) Thank you for you help!