SOLVED None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.

[Lee Wickham]

Hey guys,
my Free cpanel issued hostname cert for my server "svr1.example.co.uk" has expired and im having issues Re-Generating it, I have followed the steps to Generate the self signed SSL's via

• Home » Service Configuration » Manage Service SSL Certificates

Using the "Reset Certificate" for each service.

however when i then go and run "/usr/local/cpanel/bin/checkallsslcerts" It reports that none of the certificates were valid for any of the services

Console Log:

[[email protected] ~]
# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store; requesting new certificate …
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID cnmmb9) The system queried for a
temporary file at “http://svr1.example.co.uk/.well-known/pki-validation/3B8C460FD7B17B55E03AEAF2135A90BB.txt”, but the web server responded with th
e following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.

Not sure where to go next from here, any help with this would be most appreciated.

Cheers.

Lee.

 

[dalem]

the error states you have a 404 error here
http://svr1.example.co.uk/.well-known/pki-validation/

what happens when you load it

 

[Lee Wickham]

The 404 there is due to svr1.example.co.uk being the server hostname, thus no site present.

That error is not really the one im worried about, its the "
None of the certificates in the system ssl storage were acceptable to use for the "cpanel service name here"

are what's got me worried.

 

[Lee Wickham]

I've just noticed that the forum seems to be replacing the domain name with "example" im sure this is normal for the forums, but just making a note of it here, my host name in the above should be "fireworks".

 

[Infopro]

I've just noticed that the forum seems to be replacing the domain name

Real domain names, IP or email addresses should never be posted on a public forum.

 

[Lee Wickham]

Real domain names, IP or email addresses should never be posted on a public forum.

Ahh Understood, my apologies!

 

[dalem]

your hostname does have site its located here
/var/www/html

your issue is (you need to correct the permission errors)


Forbidden
You don't have permission to access /.well-known/pki-validation/ on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

 

[Lee Wickham]

Ok i see the issue here.

the primary hostname is "svr1.example.co.uk" Home dir "/var/www/html/"
and i am hosting the domain "example.co.uk" Home dir "/home/example/public_html/"

when i run the checkcerts command its generating the required file e.g "0A6309864491C3CF679CF13B4E6529E1.txt"
in "/var/www/html/

However the next step check for it over http in "/home/example/public_html/"

And ofc it's not there so that particular part fails.

Any suggestions?

Again thanks for the assistance!

 

[Lee Wickham]

Update:
This seems to be an issue with http vs https , via https i can see the diredtory properly and the text files however when loading via http it's looking at the main domain instead of the hostname.

 

[Lee Wickham]

Final Update:

Happy to report this issue has now been resolved

The Fix:
One of the support team noticed the server's hostname was not pointing to the servers primary IP and upon updating that I was able to successfully re-new the service certificates.

Just want to say a big thanks to every one here on the forum and the cPanel support team for assisting with this issue, it's greatly appreciated!


Lee.

 

[Infopro]

Happy to hear you got it sorted.

 

[DolceHogarMX]

Hello I had the same issue I couldn't re-new the ssl. I got error the connection is not private I select ok and then I got the 404 error. I'm not sure if I accidentally erased something when I deleted the ssl key and certificate from Cpanel since it was giving me problems.
By the way my site is [removed]
If you could kindly guide me I would really appreciate it.
Not letting me even login to my admin account in WordPress

 

[Infopro]

If you could kindly guide me I would really appreciate it.

Do you have root access to the server your account is on? Assuming you don't as your forum profile lists you as Website Owner. In that case, your best bet is to contact your Hosting Provider about this matter.

 

[Topotyn]

Hello!

I have the same problem and I don't understand why it was occurred. I use "Let’s Encrypt™" for all my sites and it works fine. But for my services (Calendar, cPanel, WebDisk, Webmail, and WHM Services, etc) it doesn't work. I tried to do recommendation from this site, but it doesn't work. Who can advise me where I can view verbose log file? Or suggest where the problem is?

Show/Hide: output from "checkallsslcerts --verbose" command

[[email protected]_server ~]# /usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.

 

[cPRex]

It looks like the hostname certificate is being processed by Sectigo at this time. If you'd like to submit a ticket to our team with your server's details we can check that on our side and see what is causing that to take longer than normal.

 

[Topotyn]

It looks like the hostname certificate is being processed by Sectigo at this time. If you'd like to submit a ticket to our team with your server's details we can check that on our side and see what is causing that to take longer than normal.

Hello!
Yes! I want to submit a ticket Thank you for you help!

 

[cPRex]

You can do that through the link in my signature or through the WHM interface :D

 

[Topotyn]

You can do that through the link in my signature or through the WHM interface :D

Thank you, I have request's number #94313485

 

[cPRex]

Thanks for doing that. I'm following along with that ticket now so I'll keep this thread updated.

 

[cPRex]

Just to post an update, it looks like the "pending" issue was a problem with the firewall on the user's system, and after allowing the Sectigo IPs things are working well.