System failed to acquire a signed certificate from the cPanel Store

  • Thread starter Deleted member 868887
  • Start date
D

Deleted member 868887

Guest
Hi,
I started receiving notifications through cPanel in February:

Subject line: 1 service generated warnings while checking SSL certificates

Content: The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID vcqhek) The cPanel Store returned an error (X::PermissionDenied) in response to the request “POST ssl/certificate/whm-license”: Free hostname certs are not allowed by this partner

I called GoDaddy support (GoDaddy is our hosting provider) to find out what was causing this and they determined it was related to our Service SSL certificates. I renewed them manually (even though they were not expiring until May) through WHM which seemed to work fine, but I still keep getting the above notifications every day.

I've looked around the cPanel forum for a solution and can see other people are having similar issues, however I am not sure if my issue is exactly the same.

I ran the "hostname" and "dig a host.name.tld" commands (which I've seen suggested in other posts) and here's the output from those (I've obfuscated the hostname and IP):

1) hostname
Code:
hosts.example.org
2) dig a host.example.org
Code:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> a hosts.example.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13201
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hosts.example.org.    IN    A

;; ANSWER SECTION:
hosts.example.org.    3600 IN    A    xxx.xxx.xxx.xxx

;; Query time: 28 msec
;; SERVER: 208.109.96.1#53(208.109.96.1)
;; WHEN: Sat Apr 13 08:33:15 2019
;; MSG SIZE  rcvd: 64
After this I ran the "/usr/local/cpanel/bin/checkallsslcerts" command and got the following output:
Code:
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store; requesting new certificate …
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/BCA30B7B48C3E2B510EBE90A58FEBFA7.txt) …
    … complete.
Setting up DNS DCV (CNAME _bca30b7b48c3e2b510ebe90a58febfa7.hosts.example.org) …
    … complete.
Attempting DNS DCV preflight check …
    FAILED: The DNS DCV check (_bca30b7b48c3e2b510ebe90a58febfa7.hosts.example.org IN CNAME) did not return the expected value (b6d2a6f2a96273ae8635bbdbdfabf86f.4557d9adaa29eae5f7898ca3b72499af.comodoca.com).
Attempting HTTP DCV preflight check …
    … success!
(XID vcqhek) The cPanel Store returned an error (X::PermissionDenied) in response to the request “POST ssl/certificate/whm-license”: Free hostname certs are not allowed by this partner
Undoing HTTP DCV setup (/var/www/html/.well-known/pki-validation/BCA30B7B48C3E2B510EBE90A58FEBFA7.txt) …
    … done.
Undoing DNS DCV setup (CNAME _bca30b7b48c3e2b510ebe90a58febfa7.hosts.example.org) …
    … done.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID vcqhek) The cPanel Store returned an error (X::PermissionDenied) in response to the request “POST ssl/certificate/whm-license”: Free hostname certs are not allowed by this partner
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
Can you help identify the issue? I'd like to resolve whatever is causing the errors I'm seeing, but I'm not very familiar with this territory of our server/cPanel.

Thank you!
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,768
322
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
I find this interesting. I was not aware a partner could block the free hostname SSL certificates.

I look forward to hearing a reply from cPanel, but it sounds like godaddy is blocking the free hostname certificates in order to push their clients into buying them?
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,291
313
Houston
GoDaddy most certainly does block the ability for their customers to provision free hostname certificates, this is an issue you'll need to discuss with them further and is definitely what is occurring here.

I was not aware a partner could block the free hostname SSL certificates.
They can block a number of things including this through Manage2
 
D

Deleted member 868887

Guest
Thank you for the reply.

Just to clarify, when you're looking at the code I provided in my first post, you can tell that GoDaddy is blocking the free hostname certificates (i.e., what's needed for the cPanel Service SSL certificates)?

Thanks!
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,291
313
Houston
Hello @livingmiracles

As shown by @Infopro that code specifically states that they're being blocked

Code:
 Free hostname certs are not allowed by this partner
You'll need to discuss with GoDaddy how they want you to proceed with securing the hostname in this instance.
 
D

Deleted member 868887

Guest
Thank you! That's very helpful information. I will talk with GoDaddy about this issue and will likely update here in case others are running into the same issue.
 
  • Like
Reactions: cPanelLauren