Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

System failed to acquire a signed certificate from the cPanel Store

Discussion in 'Security' started by livingmiracles, Apr 13, 2019.

  1. livingmiracles

    livingmiracles Member

    Joined:
    May 5, 2017
    Messages:
    19
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Hi,
    I started receiving notifications through cPanel in February:

    Subject line: 1 service generated warnings while checking SSL certificates

    Content: The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID vcqhek) The cPanel Store returned an error (X::PermissionDenied) in response to the request “POST ssl/certificate/whm-license”: Free hostname certs are not allowed by this partner

    I called GoDaddy support (GoDaddy is our hosting provider) to find out what was causing this and they determined it was related to our Service SSL certificates. I renewed them manually (even though they were not expiring until May) through WHM which seemed to work fine, but I still keep getting the above notifications every day.

    I've looked around the cPanel forum for a solution and can see other people are having similar issues, however I am not sure if my issue is exactly the same.

    I ran the "hostname" and "dig a host.name.tld" commands (which I've seen suggested in other posts) and here's the output from those (I've obfuscated the hostname and IP):

    1) hostname
    Code:
    hosts.example.org
    2) dig a host.example.org
    Code:
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> a hosts.example.org
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13201
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;hosts.example.org.    IN    A
    
    ;; ANSWER SECTION:
    hosts.example.org.    3600 IN    A    xxx.xxx.xxx.xxx
    
    ;; Query time: 28 msec
    ;; SERVER: 208.109.96.1#53(208.109.96.1)
    ;; WHEN: Sat Apr 13 08:33:15 2019
    ;; MSG SIZE  rcvd: 64
    After this I ran the "/usr/local/cpanel/bin/checkallsslcerts" command and got the following output:
    Code:
    The system will check for the certificate for the “cpanel” service.
    The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
    The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
    Received error “X::NoCertificate” from cPanel Store; requesting new certificate …
    Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/BCA30B7B48C3E2B510EBE90A58FEBFA7.txt) …
        … complete.
    Setting up DNS DCV (CNAME _bca30b7b48c3e2b510ebe90a58febfa7.hosts.example.org) …
        … complete.
    Attempting DNS DCV preflight check …
        FAILED: The DNS DCV check (_bca30b7b48c3e2b510ebe90a58febfa7.hosts.example.org IN CNAME) did not return the expected value (b6d2a6f2a96273ae8635bbdbdfabf86f.4557d9adaa29eae5f7898ca3b72499af.comodoca.com).
    Attempting HTTP DCV preflight check …
        … success!
    (XID vcqhek) The cPanel Store returned an error (X::PermissionDenied) in response to the request “POST ssl/certificate/whm-license”: Free hostname certs are not allowed by this partner
    Undoing HTTP DCV setup (/var/www/html/.well-known/pki-validation/BCA30B7B48C3E2B510EBE90A58FEBFA7.txt) …
        … done.
    Undoing DNS DCV setup (CNAME _bca30b7b48c3e2b510ebe90a58febfa7.hosts.example.org) …
        … done.
    [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID vcqhek) The cPanel Store returned an error (X::PermissionDenied) in response to the request “POST ssl/certificate/whm-license”: Free hostname certs are not allowed by this partner
    The system will check for the certificate for the “dovecot” service.
    The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
    The system will check for the certificate for the “exim” service.
    The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “exim” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
    The system will check for the certificate for the “ftp” service.
    The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
    Can you help identify the issue? I'd like to resolve whatever is causing the errors I'm seeing, but I'm not very familiar with this territory of our server/cPanel.

    Thank you!
     
  2. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,485
    Likes Received:
    187
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    I find this interesting. I was not aware a partner could block the free hostname SSL certificates.

    I look forward to hearing a reply from cPanel, but it sounds like godaddy is blocking the free hostname certificates in order to push their clients into buying them?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    livingmiracles likes this.
  3. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    GoDaddy most certainly does block the ability for their customers to provision free hostname certificates, this is an issue you'll need to discuss with them further and is definitely what is occurring here.

    They can block a number of things including this through Manage2
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. livingmiracles

    livingmiracles Member

    Joined:
    May 5, 2017
    Messages:
    19
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Thank you for the reply.

    Just to clarify, when you're looking at the code I provided in my first post, you can tell that GoDaddy is blocking the free hostname certificates (i.e., what's needed for the cPanel Service SSL certificates)?

    Thanks!
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,948
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Code:
    The cPanel Store returned an error (X::PermissionDenied) in response to the request “POST ssl/certificate/whm-license”: Free hostname certs are not allowed by this partner
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @livingmiracles

    As shown by @Infopro that code specifically states that they're being blocked

    Code:
     Free hostname certs are not allowed by this partner
    You'll need to discuss with GoDaddy how they want you to proceed with securing the hostname in this instance.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. livingmiracles

    livingmiracles Member

    Joined:
    May 5, 2017
    Messages:
    19
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Thank you! That's very helpful information. I will talk with GoDaddy about this issue and will likely update here in case others are running into the same issue.
     
    cPanelLauren likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice