"The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests."

JoseDieguez

Active Member
PartnerNOC
Jan 26, 2016
41
21
58
Chile
cPanel Access Level
Root Administrator
these past few days, we have seen a LOT of these 2 errors (19 servers all running latest cpanel ver)

1 error
The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (500, Internal Server Error): <!DOCTYPE HTML PUBLIC "-//IETF/…

2 error
The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later.


we are getting websites not being able to renew certs because this is way too often.
 
  • Like
Reactions: mvandemar

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
But that won't work for the system ssl certificates still, right?
have you tried adding the IP's in your firewall and cphulk

see here

this is what ip's I added. below
Sectigo validates the DCV file from the following IP addresses:


178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132
Important:
Sectigo uses these IP addresses to attempt to access the cPanel server.
You must allow these IPs in the server firewall.
For more information,
read our How to Configure Your Firewall for cPanel & WHM Services documentation.
I had an issue and support helped me out and got certs for hostname and cpanel accounts right away..
 
  • Like
Reactions: Metro2 and cPRex

Metro2

Well-Known Member
May 24, 2006
554
90
178
USA
cPanel Access Level
Root Administrator
have you tried adding the IP's in your firewall and cphulk

see here

this is what ip's I added. below
Sectigo validates the DCV file from the following IP addresses:


178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132
Important:
Sectigo uses these IP addresses to attempt to access the cPanel server.
You must allow these IPs in the server firewall.
@Spirogg - although your reply was to someone else, thanks very much for the reminder about this. I had forgotten to add those to my CSF/LFD allow lists, and was starting to encounter the "cPanel (powered by Sectigo) provider cannot currently accept incoming requests" issue more frequently in the past couple days. After adding the IPs to CSF allow, big improvement and certs are starting to renew.
 
  • Like
Reactions: Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
@Spirogg - although your reply was to someone else, thanks very much for the reminder about this. I had forgotten to add those to my CSF/LFD allow lists, and was starting to encounter the "cPanel (powered by Sectigo) provider cannot currently accept incoming requests" issue more frequently in the past couple days. After adding the IPs to CSF allow, big improvement and certs are starting to renew.
I’m glad I reminded you ;)
 

CoNfOuNd

Member
Feb 20, 2004
22
1
153
Ireland
cPanel Access Level
Root Administrator
"cPanel (powered by Sectigo) provider cannot currently accept incoming requests"

I understand errors will always happen from time to time but this issue with the cPanel/Sectigo AutoSSL system has been going on for years.

@cPRex Please can you clarify under what circumstances this error can occur? Is it normally caused by a capacity issue at Sectigo? The request reaches Sectigo but their service is too busy to process it? Or is it another communication issue from/to the web server?
I'm sure cPanel have had many thousands of support tickets on this error, so what are the general findings?

All our server use CSF firewall which already whitelists 5 IPv4 addresses and 2 IPv6 ranges belonging to Sectigo. We don't think the requests are being blocked anywhere else. For example, we don't use cPhulk and the Sectigo IPs are not in the ModSecurity log files. Sometimes running the "/usr/local/cpanel/bin/autossl_check --all" script fixes the issue, sometimes restarting Apache appears to help, sometimes not.
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
"cPanel (powered by Sectigo) provider cannot currently accept incoming requests"

I understand errors will always happen from time to time but this issue with the cPanel/Sectigo AutoSSL system has been going on for years.

@cPRex Please can you clarify under what circumstances this error can occur? Is it normally caused by a capacity issue at Sectigo? The request reaches Sectigo but their service is too busy to process it? Or is it another communication issue from/to the web server?
I'm sure cPanel have had many thousands of support tickets on this error, so what are the general findings?

All our server use CSF firewall which already whitelists 5 IPv4 addresses and 2 IPv6 ranges belonging to Sectigo. We don't think the requests are being blocked anywhere else. For example, we don't use cPhulk and the Sectigo IPs are not in the ModSecurity log files. Sometimes running the "/usr/local/cpanel/bin/autossl_check --all" script fixes the issue, sometimes restarting Apache appears to help, sometimes not.

just out of curiosity - do any of the accounts have Force https redirect ON.


Screenshot 2022-04-21 053540.jpg

i had this issue and i whitelisted the 4 IP's
178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132
and turned OFF that setting for the domains under cPanel accounts) that we were having issues with.
then ran the script again and it worked.

but I agree there has been many post and thread on this issue. I think they are working on somesort of solution. or since there are millions of cert being renewed it could be anyone of the servers delaying this in a queue.

sectigo cpanel ?
thats just my 2 cents.
 

CoNfOuNd

Member
Feb 20, 2004
22
1
153
Ireland
cPanel Access Level
Root Administrator
@Spirogg Thanks for your reply. The 4 IPs you listed (and 1 other) are whitelisted already by CSF firewall. Where did you whitelist them? The IPs were not recorded anywhere in the server log files (including ModSecurity), and we don't use cPhulk, so I don't think they're being blocked anywhere.

Today I'm checking 5 different accounts on 1 server. None of them have "Force HTTPS Redirect", although I don't see why that would cause an issue because the redirect syntax added to an .htaccess file would usually contain an exception for AutoSSL. The issue I'm seeing today appears to be a communication issue with Sectigo.
 
  • Like
Reactions: cPRex

Metro2

Well-Known Member
May 24, 2006
554
90
178
USA
cPanel Access Level
Root Administrator
@Spirogg - although your reply was to someone else, thanks very much for the reminder about this. I had forgotten to add those to my CSF/LFD allow lists, and was starting to encounter the "cPanel (powered by Sectigo) provider cannot currently accept incoming requests" issue more frequently in the past couple days. After adding the IPs to CSF allow, big improvement and certs are starting to renew.
Oh well, so much for thinking that was helping. Right back to SSDD with this issue. :(
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
Oh well, so much for thinking that was helping. Right back to SSDD with this issue. :(
me too last night having this issue. I have been getting 500 errors trying to update SSL. one server that has a few of my own websites i just tried letsencrypt and no issues updated right away. so go figure.

I am going to test tonight on one server - switching provider back to Sectigo from letsencrypt and see if that updates. will report back my findings here
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
Oh well, so much for thinking that was helping. Right back to SSDD with this issue. :(
ok so did that now.. and it worked..

I went and selected Sectigo for AutoSSL.
then saved..
then went to my cpanel account for that domain. and uninstalled the certificate for mydomain.tld www . mydomain.tld and mail. mydomain.tld

uninstall certificate.jpg
( these were to only ones I had certificates for from letsencrypt. just fyi)

so after uninstalling the letsencrypt certificate, I went back to cPanel for the domain and ran AutoSSL and it worked..


also below you can see that cpanel updated with Sectigo for this domain right now..
run autossl again.jpg

if in dire need you may want to try this ?

I will test again on another domain on another server a little later that does not have letsencrypt. but I uninstalled the certificate of Sectigo and it won't reinstall via AutoSSL. so this time I will install Letsencrypt and use AutoSSL and install a cert. then switch to Sectigo then uninstall cert from letsencrypt then re run AutoSSL from Sectigo and see if success again. will post again my findings
 

JoseDieguez

Active Member
PartnerNOC
Jan 26, 2016
41
21
58
Chile
cPanel Access Level
Root Administrator
these past few days, we have seen a LOT of these 2 errors (19 servers all running latest cpanel ver)

1 error
The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (500, Internal Server Error): <!DOCTYPE HTML PUBLIC "-//IETF/…

2 error
The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later.


we are getting websites not being able to renew certs because this is way too often.
still having the 2nd error way too much.
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
258
41
78
UK
cPanel Access Level
Root Administrator
I am still getting this issue too. Seems Sectigo is completely broken - they can't handle the volume of requests and don't want to fix it - so why is cPanel bothering with Sectigo? Why not switch entirely to Let's Encrypt ?

I am switching to Let's Encrypt for the domains that fail, but then I switch back inside the Manage SSL Hosts section, because I am also using the Sectigo cpanel service to renew hostnames ssl etc.... My understanding that cpanel does not allow that with Let's Encrypt. Is there a particular reason why not? Could we not just ditch sectigo altogether.... it seems their service is wholly unreliable....
 
  • Like
Reactions: Spirogg

WorkinOnIt

Well-Known Member
Aug 3, 2016
258
41
78
UK
cPanel Access Level
Root Administrator
@WorkinOnIt - the AutoSSL provider is unrelated to the hostname certificate. You can permanently leave that on Let's Encrypt and your hostname certificate will still be issued through Sectigo normally.
Aha that's good to hear! I assume this is a recent change, because I am sure I had that correct previously it was tied to Sectigo?

But this is the message I see inside the Manage Auto SSL screen, when I enable Let's Encrypt:

Current Provider: Let’s Encrypt™

Please Note: The Let’s Encrypt™ provider plugin does not generate hostname certificates for your system’s services. It only generates SSL certificates for your cPanel accounts. For more information, read our Let’s Encrypt™ plugin documentation. Click here.

I took that to be a warning that if I use Let's Encrypt, I will no longer get automated Hostname / system services SSLs ?
I guess this could be worded differently if not... Please clarify?


Manage Service SSL Certificates | cPanel & WHM Documentation <<< no mention of Let's Encrypt here....

So - did I read it wrong? If so, now there is no reason not to just use Let's Encrypt permanently then - other than rate limiting issues, which does not really impact me ?
 
Last edited:
  • Like
Reactions: Spirogg

JoseDieguez

Active Member
PartnerNOC
Jan 26, 2016
41
21
58
Chile
cPanel Access Level
Root Administrator
I am still getting this issue too. Seems Sectigo is completely broken - they can't handle the volume of requests and don't want to fix it - so why is cPanel bothering with Sectigo? Why not switch entirely to Let's Encrypt ?

I am switching to Let's Encrypt for the domains that fail, but then I switch back inside the Manage SSL Hosts section, because I am also using the Sectigo cpanel service to renew hostnames ssl etc.... My understanding that cpanel does not allow that with Let's Encrypt. Is there a particular reason why not? Could we not just ditch sectigo altogether.... it seems their service is wholly unreliable....
we are having this issue, way too often, every single day on almost all servers... ssls not being issued.. ssls not being renewed...

if Cpanel can confirm that the Hostname SSL will still be issued and renewed if we change AutoSSL to Lets Encrypt, then we will do the jump
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
the AutoSSL provider is unrelated to the hostname certificate. You can permanently leave that on Let's Encrypt and your hostname certificate will still be issued through Sectigo normally.
if Cpanel can confirm that the Hostname SSL will still be issued and renewed if we change AutoSSL to Lets Encrypt, then we will do the jump
@JoseDieguez yes you can make the jump see first quote from cPRex above.
 
Last edited:

WorkinOnIt

Well-Known Member
Aug 3, 2016
258
41
78
UK
cPanel Access Level
Root Administrator
Correct - even with the switch the Let's Encrypt the hostname certificate is still processed through Sectigo. That isn't a change, but has been standard behavior since AutoSSL was introduced.
Awesome - that means we can switch, and will see how it goes. thanks for confirming.

You may want to get someone to update the text:



Important:
  • This plugin does not generate hostname certificates for your system’s services. It only generates SSL certificates for your cPanel accounts. For more information, read our Manage AutoSSL documentation.

New Text example:

Important:
  • This plugin does not generate hostname certificates for your system’s services. It only generates SSL certificates for your cPanel accounts. Hostname certificates will continue to be automatically provided by Sectigo in a default setup.... For more information, read our Manage AutoSSL documentation.
 
Thread starter Similar threads Forum Replies Date
E Server Management 1