"The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests."

JoseDieguez

Well-Known Member
PartnerNOC
Jan 26, 2016
57
31
68
Chile
cPanel Access Level
Root Administrator
For what it's worth, I am a loooooong time user of cPanel and more recently WHM, I host 300+ websites and yes I do get this issue too and it can be frustrating, however I just sit and try again and after 4 or 5 attempts it goes through, it's not a massive issue. Some people above venting their anger and frustration, and that's fine, but i'd understand this more if AutoSSL just didn't work full stop, that's not the case, it does work, you just have to be a bit persistent until the issue is resolved.

Keep up the good work cPanel!
sure, if you can just "sit an try over and over" for the 3 clients between those 300 websites.. or 30 clients between 3.000 websites or 300 clients between 30.000 websites, etc.
 
  • Like
Reactions: LBJ

DennisMidjord

Well-Known Member
Sep 27, 2016
330
69
78
Denmark
cPanel Access Level
Root Administrator
It’s really not hard, and doesn’t take long either, I don’t see what your problem is except for arguing for the sake of arguing…
The problem? AutoSSL.
We have a few thousand clients and are hosting more than 10.000 websites. The past few weeks, our support queue has been filled with "Why is my SSL certificate expired"-kind of questions.

Also, I don't know what kind of luck you guys are having since you're able to get a certificate within 5 tries. On average, I think we're clicking "Run AutoSSL" 10 times, and sometimes we're really unlucky. Today, I've spent more than 45 minutes trying to get a single certificate renewed. All but the last failed with "The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later."

This is a rather big issue. Basically everyone expects that their host is able to provide a free SSL certificate today.
I don't know why cPanel hasn't decided to make a public statement about these issues. All I'm seeing is staff replying to the tens of threads that have been made, and are still being made.
This has been going on for months and the issue only seems to be bigger. We get more and more tickets about the issue.
 

raisulmushfeq

Registered
Dec 28, 2019
2
1
3
Bangladesh
cPanel Access Level
Root Administrator
We too are facing the same issue at the moment ( cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later. ). I thought this was already resolved, but I was wrong.
 

JoseDieguez

Well-Known Member
PartnerNOC
Jan 26, 2016
57
31
68
Chile
cPanel Access Level
Root Administrator
It’s really not hard, and doesn’t take long either, I don’t see what your problem is except for arguing for the sake of arguing…
Man.. you are just arguing because you like it. Because for you specific small case is not a problem.

If you have 1 server with some clients, and you have free time everyday, that's awesome for you.

Most will have few dozens or hundreds of servers, and no free time.
 
  • Like
Reactions: LBJ and cPRex

mvandemar

Well-Known Member
Jun 17, 2006
166
46
178
Interesting.... why would one have to be persistent if the process was working automatically?

As you stated... you have to manually try again 4 or 5 times.... that is not auto. My experience has been similar... I have to retrigger the renewal a few times manually. However, until this started to happen repeatedly... I was not even aware that it was the problem or that there was even a suggestion on how to mitigate for now.
Automatic = x number of attempts per day (I think once?) to get a cert.

Manual = attempting to get a cert as many times per day you want to try, increasing the likelihood of hitting the system when it's not overloaded with requests.

I had to wait for clients to tell me their sites were having SSL issues.
Do you not get emails when the process fails?

-Michael
 

coolcom

Active Member
Mar 3, 2005
30
10
158
Automatic = x number of attempts per day (I think once?) to get a cert.

Manual = attempting to get a cert as many times per day you want to try, increasing the likelihood of hitting the system when it's not overloaded with requests.

Do you not get emails when the process fails?

-Michael
Hi Michael...

Good question... I appreciate you pointing that out, actually. I'm looking at the notifications, though, and I am not seeing a notice that would apply to this issue. There ARE notices for Expiring Soon, for Certificate Expiration (all after the fact)...

...ahhhh...

"cPanel service SSL certificate warnings... This option indicates that a waning was generated..."

So yes, that would at least let me know there is an issue while it is trying to replace... and then I can go and do the retrys. It doesn't prevent the problem, but it would let me know, hopefully before the customer does.

Hey, I'm all for doing what it takes to fix first... and yes, the repeated "trys" do seem to work.

Again though, my suggestion is simply that I feel there should be communication from Sectigo and cPanel when something like this comes up. I should be hearing from them... not my customers.

For what it's worth... the issue appears to be dying down.
 
  • Like
Reactions: adeyjones

abursill

Member
Nov 8, 2019
18
4
3
Thailand
cPanel Access Level
Website Owner
Mine was also hanging today saying requests could not be received by Sectigo at eh moment.
After running
yum-complete-transaction
all my certs were suddenly issued. Coincidence may be but probably not.
 
  • Like
Reactions: mlopez

elmister

Well-Known Member
Mar 2, 2004
48
3
158
Same problem here, having the same issue in multiple servers for weeks which is creating a customer support nightmare and the need to move to lets encrypt
 
  • Like
Reactions: mlopez

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
I did check things on my end and I'm not seeing Sectigo reporting any issues, although that doesn't mean there aren't any. I would strongly recommend that everyone switch to Let's Encrypt to ensure they receive the certificates as expected.
 

LBJ

Well-Known Member
Nov 1, 2003
113
22
168
cPanel Access Level
DataCenter Provider
Interestingly, after raising a ticket directly with Sectigo due to multiple servers receiving ongoing, random rejections of...

The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests.

...we received the brief reply of...

Greetings from Sectigo!

We do not have limits on API calls sent per second/minute. The error on the cPanel server when issuing SSL entirely depends on cPanel. Hence, please contact cPanel support for better assistance.

Regards,
Ricky - Technical Support
USA: +1 (888) 266-6361
International: +1 (914) SECTIGO (732-8446)

Upon replying within a few minutes to Sectigo to invite them to add their direct input to this thread, we received...

Please be advised that case:

02474193
The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later.

has already been closed.

Most helpful.

Best regards,

LBJ
 

n.shah

Registered
Sep 28, 2022
2
0
1
London, UK
cPanel Access Level
Root Administrator
Looking back at my own AutoSSL logs, I've been encountering this issue since 16th September. As more certificates are expiring, the error is becoming more frequent - I'm seeing it on 6 different domains as of this morning, 2 of which have already expired so getting "Insecure" errors.
 

Attachments

LBJ

Well-Known Member
Nov 1, 2003
113
22
168
cPanel Access Level
DataCenter Provider
@LBJ - switch to Let's Encrypt and just remove Sectigo from the equation completely.

Unfortunately, Let's Encrypt have their own issues in a few edge cases.

We provide every client with a permanent secondary server access method via a subdomain on a reserved domain of our own. Clients can use that method of access prior to redelegation and in various emergency situations such as where their domains are expired etc.

Over all our servers, that results in thousands of certificates required which include the same root domain name. Let's Encrypt limit requests to 50 per single domain per week as per...

https://letsencrypt.org/docs/rate-limits/

We're currently waiting for an exemption request to be granted, but that's not a fast process.

In the interim, we simply work around Sectigo's dodgy system with the following daily process...

Code:
#!/bin/bash

busy_string="cannot currently accept incoming requests"
/usr/local/cpanel/bin/autossl_check --all
file_path=$(ls -Art /var/cpanel/logs/autossl/*/txt | tail -n 1)
awk -F'[“”]' '/Processing / {user=$2; next}; /'"$busy_string"'/ {print user}' "$file_path" | while read -r user
do
  result_path="$file_path"
  while fgrep -qs "$busy_string" "$result_path"
  do
    echo "Reprocessing user $user"
    /usr/local/cpanel/bin/autossl_check --user="$user"
    result_path=$(ls -Art /var/cpanel/logs/autossl/*/txt | tail -n 1)
  done
done

I had to pull that code out of our global management system and modify it to be standalone for the example here, but it tested out correctly and should be fine.

That simply runs a full autossl check process and then repeatedly reprocesses any individual users failing with the dreaded busy message. We also have a separate version which takes a user name as a parameter and then processes only for that single user.

The code needs to run when no other autossl check routine is being run since its logic simply assumes the last log file found is its own. In other words, don't run it while /etc/cron.d/cpanel_autossl is running, or while another admin is trying to update a certificate via WHM or shell.

We also run a related watchdog to kill the parent process if it runs for over 60 minutes, but that's never happened so far. It's usually successful on every server within just a few minutes of the retry processes after the initial full check run.

If you only have a few servers, just run it from shell on each and then you can watch it process to completion. Use a kill on the parent process to end it if you need to.

Best regards,

LBJ
 

n.shah

Registered
Sep 28, 2022
2
0
1
London, UK
cPanel Access Level
Root Administrator
Thanks for the script @LBJ

I was able to fix my issue by manually running just the autossl script at a random time to get past the error:

Code:
/usr/local/cpanel/bin/autossl_check --user={username}
Ran the command once and it fixed the issue for the accounts I was having issues with.
 

elmister

Well-Known Member
Mar 2, 2004
48
3
158
@LBJ - switch to Let's Encrypt and just remove Sectigo from the equation completely.
Not completely, apart from the rate-limits imposed by Let's encrypt, the LE plugin doesn't generate certificates for hostnames, only the Sectigo plugin does it.

So, when hostname certificates expire we will not have certificates for the hostnames and will be unable to get them automatically
 
Thread starter Similar threads Forum Replies Date
E Server Management 1