"The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests."

Jheroen

Active Member
Mar 18, 2008
32
5
58
Interestingly, after raising a ticket directly with Sectigo due to multiple servers receiving ongoing, random rejections of...




...we received the brief reply of...




Upon replying within a few minutes to Sectigo to invite them to add their direct input to this thread, we received...




Most helpful.

Best regards,

LBJ
So if the above is correct Cpanel is the one who needs to get things done, cPanel wake up and DO something for your expensive license customers.
 
  • Like
Reactions: Kobor

Jheroen

Active Member
Mar 18, 2008
32
5
58
@Jheroen - we do plan to make some changes to this system in the near future, but I'm not able to share what those are just yet. I promise we're working on this though!
@cPRex i hope so, this situation is not from the last week, these problems are known for a long time already
 
  • Like
Reactions: cPRex

dangdesigns

Registered
Oct 22, 2014
2
2
53
Tampa, Florida, United States
cPanel Access Level
Root Administrator
I had the same issue ("The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests.") for multiple sites for over a week and was able to install Let's Encrypt in for auto SSL in under a minute by following this documentation:


I hope this helps someone else.
 

LBJ

Well-Known Member
Nov 1, 2003
113
22
168
cPanel Access Level
DataCenter Provider
Why hasnt cPanel fixed this - I have clients waiting 2+ days for SSL's - this is ridiculous.

That's atypical of our experience with the current issue.

We run a fleet of servers, and we've never waited more than a few minutes for a certificate request to be accepted with scripted retries.

This morning we had a few servers with "cannot currently accept incoming requests" errors, and all were sorted within 40 seconds of scripted retries.

For reissue situations of existing certificates, you should always see the errors in your logs well before the certificates actually expire.

For new accounts where the requests show a rejection in the logs, running a scripted retry until the request is accepted has always been successful for us.

It's definitely a major fault which should be sorted out, but with suitable mitigation, there's no reason for clients to suffer certificate outages.

Alternatively, so long as your operation fits within the rate-limits imposed by Let's Encrypt, just switch to their service for the interim at least.

Regards,

LBJ
 

slim

Well-Known Member
May 27, 2004
72
6
158
Australia
cPanel Access Level
Root Administrator
I was able to get a clients domain into the queue - and it has sat there for over 2 days. I have killed the queue and am now trying to run and rerun autoSSL to get them back into the queue.. The clients account is brand new, so there is no SSL installed and its a tad unacceptable they need to wait all this time for it to be provisioned. Given the length of time this thread has run its obvious cPanel need to sort something out.

Any chance you can enlighten me as to this script I can run that will retry getting a users domain into the queue?
 

LBJ

Well-Known Member
Nov 1, 2003
113
22
168
cPanel Access Level
DataCenter Provider

LBJ

Well-Known Member
Nov 1, 2003
113
22
168
cPanel Access Level
DataCenter Provider
For *anyone* having issues with domain certificates, please, switch to Let's Encrypt and then report back if that improved the behavior.

Just providing feedback as requested.

We tried Let's Encrypt early on with this current problem.

However, we provide every client with a permanent secondary server access method via a subdomain on a reserved domain of our own. Clients can use that method of access prior to redelegation and in various emergency situations such as where their domains are expired etc.

Over all our servers, that results in thousands of certificates required which include the same root domain name. Let's Encrypt limit requests to 50 per single domain per week as per...

https://letsencrypt.org/docs/rate-limits/

So after issuing certificates for 50 of our clients, Let's Encrypt then refused all further certificate requests over every one of our servers.

We submitted an exemption request to Let's Encrypt for our alias domain, but that wasn't a fast process.

While waiting for Let's Encrypt to process our exemption, we scripted automatic retries to run whenever Sectigo posts a "cannot currently accept incoming requests" error in the logs.

We now operate adequately with Sectigo and all certificate requests are accepted within a few minutes at worst. Our Let's Encrypt exemption has come through since then, but we're now fine with Sectigo. We ran a test run on one server with Let's Encrypt, and it was also fine with the exemption in place.

It would be nice if cPanel could provide the same simple retry logic for Sectigo within their own code for the benefit of all users.

Best regards,

LBJ

---

EDIT - Additional...

I've previously provided a basic example of code to handle retries at...

https://forums.cpanel.net/threads/t...-accept-incoming-requests.694129/post-2948185

You can modify that basic example to only run for one user, or even to simply run on the last log with a "cannot currently accept incoming requests" error recorded inside it.
 
Last edited:
  • Like
Reactions: Metro2

dangdesigns

Registered
Oct 22, 2014
2
2
53
Tampa, Florida, United States
cPanel Access Level
Root Administrator
I was able to get a clients domain into the queue - and it has sat there for over 2 days. I have killed the queue and am now trying to run and rerun autoSSL to get them back into the queue.. The clients account is brand new, so there is no SSL installed and its a tad unacceptable they need to wait all this time for it to be provisioned. Given the length of time this thread has run its obvious cPanel need to sort something out.

Any chance you can enlighten me as to this script I can run that will retry getting a users domain into the queue?
Not sure if this applies to your scenrio, but we did experience long queue times (5 days) for the initial domain SSL that have financial related words in the domain (ours had the word "capital", even though it was not financially related website).
 

TechBill

Active Member
Aug 7, 2011
44
4
58
Both of my WHM/cPanel servers are getting the

The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later.

How do I fix this?

Thank you
 

TechBill

Active Member
Aug 7, 2011
44
4
58
Both of my WHM/cPanel servers are getting the

The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later.

How do I fix this?

Thank you

Never mind .. I just keep spam clicking renew AutoSSL until it finally assigned it one. Got it working now
 
  • Like
Reactions: yatesf
Thread starter Similar threads Forum Replies Date
E Server Management 1