"The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests."

mvandemar

Well-Known Member
Jun 17, 2006
161
43
178
Yes, even if you have switched to Let's Encrypt the hostname SSL still gets processed through Sectigo so it can result in those warnings.
So the system ssl certs will just expire with no resolution and no workaround now? Seriously?

-Michael
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
@cPRex
this has been like this since Feb 27, 2022 3:06:01 AM issued for update but nothing,
03/013022 @ 11:17:43 AM ERROR TLS Status: Defective
ERROR Certificate expiry: 3/4/22, 12:00 AM UTC (2.28 days from now)
ERROR Defect: ALMOST_EXPIRED: The certificate will expire very soon.

I think there was a workaround to backup the ssl or a file and then try autossl again and see if it renews?
I can't find the link, I could try that first if not then put in a ticket I guess

there is also another domain going to expire in 6 days as well.
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
Hello Would this remove the certificate request and then possibly we can run autossl again for the particular domain / sub domain and see if that works ?



How can I clear the AutoSSL queue?


Answer
Simply move and rename the AutoSSL Sqlite3 database and it will be recreated when AutoSSL is re-run.

This file is located at /var/cpanel/autossl_queue_cpanel.sqlite
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
Sounds like a good candidate for a ticket for sure.
Ticket number #94421455
unfortunatley my license is from my host provider and not direct from cPanel so I hope they can get to fix it before the 2 days :(

thanks @cPRex
 
Last edited:

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
Hello Would this remove the certificate request and then possibly we can run autossl again for the particular domain / sub domain and see if that works ?



How can I clear the AutoSSL queue?


Answer
Simply move and rename the AutoSSL Sqlite3 database and it will be recreated when AutoSSL is re-run.

This file is located at /var/cpanel/autossl_queue_cpanel.sqlite
Did not work but was worth a try
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
Thanks for that - I'm following along on my end now.
quick question do we need these IP's in our allowed firewall


Code:
Sectigo validates the DCV file from the following IP addresses:


178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132
Important:
Sectigo uses these IP addresses to attempt to access the cPanel server. 
You must allow these IPs in the server firewall. 
For more information, read our How to Configure Your Firewall for cPanel & WHM Services documentation.
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
Thanks for that - I'm following along on my end now.
Update:
from Support:
I noticed the following issues:

Code:
curl -I mydomain.com

HTTP/1.1 301 Moved Permanently

Date: Tue, 01 Mar 2022 22:27:55 GMT

Location: https://mydomain.com/

Server: AUTOM8N-nginx



curl -I dev.mydomain.com

HTTP/1.1 301 Moved Permanently

Date: Tue, 01 Mar 2022 22:28:44 GMT

Location: https://dev.mydomain.com/

Server: AUTOM8N-nginx
There will be a problem with the validation check when the site redirects from HTTP to HTTPS. I also see that you are running a third party version of Nginx:

nginx-nDeploy-1.21.6-3.el8.x86_64

Please either switch to Apache solely or use the supported version of Nginx temporarily. After switching from the third party version of Nginx, please try having the SSL issued again.

Edit2: my response

Hello I have gone ahead and disabled the plugin,



the 301 redirect is at each cPanel account mydomain> under domains>Force HTTPS Redirect is OFF

the AutoSSL worked prior with my plugin Nginx from autom8n and with Force https Redirect in Domains.
- so I am a little confused as to why now I would have to turn off the plugin and turn off Force Https redirects


please advice ?



Code:
[[email protected] ~]# curl -I mydomain.com
HTTP/1.1 301 Moved Permanently
Date: Tue, 01 Mar 2022 22:44:28 GMT
Server: Apache
Location: https://mydomain.com/
Content-Type: text/html; charset=iso-8859-1



[[email protected] ~]# curl -I dev.mydomain.com
HTTP/1.1 301 Moved Permanently
Date: Tue, 01 Mar 2022 22:44:53 GMT
Server: Apache
Location: https://dev.mydomain.com/
Content-Type: text/html; charset=iso-8859-1


UPDATE#3
I also added those 4 IP's of Sectigo to CSF and in Home>Security Center> cPHulk Brute Force Protection > Whitelist Management
Code:
Sectigo validates the DCV file from the following IP addresses:


178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132
Important:
Sectigo uses these IP addresses to attempt to access the cPanel server.
You must allow these IPs in the server firewall.
For more information,
read our How to Configure Your Firewall for cPanel & WHM Services documentation.
THEN: I turned off in cpanel the 301 redirect at each cPanel account > under domains>Force HTTPS Redirect is ON

and finally it updated???

Code:
5:10:01 PM Polling for “mydoman1”’s new certificate for “mydomain.com” (order item ID “27382738”) …
5:10:03 PM The certificate is available.
Installing “mydomain.com”’s new certificate …
5:10:05 PM SUCCESS Success!


5:22:01 PM Polling for “mysubdomain2”’s new certificate for “dev.mydomain.com” (order item ID “2762674373”) …
5:22:02 PM The certificate is available.
Installing “dev.mydomain.com”’s new certificate …
5:22:04 PM SUCCESS Success!
The Problem is now,
- why did AutoSSL work before with Autom8n-Nginx and Force HTTPS Redirect ON.
- if we have 100's of clients and they have this feature (Force HTTPS Redirect ON for their domains and sub.domains
- how will they know to turn this feature off to get an updated AutoSSL ?

I'm sure I am not the only one using this 301 redirect ( otherwise if someone types in mydomain.com the site will not show the certificate as SSL secure.

unless they type in https;//mydomain.com
- also if I wanted to have www.mydomain.com ( as I do in one of my scripts, its required to install it with either www.mydomain.com or just mydomain.com or the popup login windows will not function properly.

so I have it redirect to www.mydomain.com (using the Force HTTPS Redirect so SSL cert shows up.)

*** Very disturbing and will be Very aggravating to try and have clients turn off> (Force HTTPS Redirect) to get the AutoSSL license to update.

can anyone further investigate this, why is this happening.
I am glad it worked but image 100's of sites not updating. and we have to turn off features in cPanel on each account to get the update :(

Thanks
Spiro


UPDATE#4

from support

Hello,

Ideally, you will either want to use the supported Nginx install or Apache.

If you plan on using the third party Nginx then you may want to apply the work around that you did.

The issue that you experienced only seems to occur with a third party install of Nginx.

You can still use the Force https Redirect in Domains feature.

MY REPLY


ME:
ok I will talk to the Developer cause I'm sure there are plenty of people using his plugin:

Support: The issue that you experienced only seems to occur with a third party install of Nginx.



Support: You can still use the Force https Redirect in Domains feature.




ME: Are you sure about this 301 redirect?

- because I first turned of the plugin, then I waiting about 10 mins and nothing happened so I turned off HTTPS Redirect from cpanel for domain.com and within 2-3 mins it updated..

- then waited about another 10 mins and dev.mydomain.com did not update and I turn off the HTTPS Redirect in cpanel for dev.mydomain.com and also for mydomain.com and waited 2-3 more minutes and that updated as well..

it seems to me it is more the 301 HTTPS Redirect than the plugin ?

I posted in the Forums as well and lets see if someone turns off Force Redirect and their SSL updates.
Then for sure we will know if it is the Force HTTPS Redirect or not.

I'm sure there are more people who use this cPanel feature (Force HTTPS Redirect) on their domains and sub.domains
just wondering.


Thanks hope this might help someone to get the updated AutoSLL working for them whom are close to expiry

Spiro
 
Last edited:
  • Like
Reactions: mvandemar

mvandemar

Well-Known Member
Jun 17, 2006
161
43
178
Oh for sure, I completely agree. We're exploring options on our end too, both long and short term, which is why I'm keeping this thread updated. There isn't a case number though since development isn't involved as the current issues wouldn't be fixed with updates to the product.

I'll definitely keep you guys updated as I find out more.
@cPRex Any updates on this? There were a couple days without the error, then it happened again on March 7th, but it looks like from the 8th - 13th it hasn't recurred (yet, and I really only checked 1 of the 5 servers I manage). I have not seen any notices on the progress of the issue though, was there an actual resolution as far as you know, or is it still hit or miss?

Thanks!

-Michael
 

PbG

Well-Known Member
Mar 11, 2003
249
0
166
FYI: Restarting PDNS & Apache resolved this issue for me. Thanks!
 

CoNfOuNd

Member
Feb 20, 2004
22
1
153
Ireland
cPanel Access Level
Root Administrator
Unfortunately we're still seeing issues with the Sectigo system with errors like "provider cannot currently accept incoming requests. The system will try again later."

@cPRex Is cPanel applying whatever pressure it can on Sectigo to fix these on-going issues?

My understanding was that Sectigo was not meant to have rate limiting but that isn't the reality?

Certs are meant to be renewed up to 15 days in advance? So the recent failures we're seeing mean the Sectigo system has been unable to process the renewal after potentially up to 15 days of attempts?

The following KB article is 10 months old and has no resolution. As a webhost it makes us & cPanel look bad when we're offering a solution that is not robust.
 

The Old Man

Well-Known Member
Feb 24, 2016
80
21
58
UK
cPanel Access Level
Root Administrator
WHM 102.0.10 - Having the same issue on 2 sites:

The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later.

I wish WHM/Cpanel would work properly with Cloudflare's free Certs.
 
  • Like
Reactions: Spirogg
Thread starter Similar threads Forum Replies Date
E Server Management 1