SOLVED The cPanel Store returned an error (X::TemporarilyUnavailable)

horizon2021

Active Member
Jan 31, 2021
41
3
8
USA
cPanel Access Level
Root Administrator
I'm also seeing this behavior on a server 5-days in a row now during the nightly cron the same as the first post:
The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day
After 5 or so nights, this server updated its hostname certificate now.
One thing I noticed is that before WHM would send an email "your new hostname certificate has been issued" and this time, it did not send any such email.
I liked it sending that email so that when I found the cert different, I knew it was an intentional change.
 
  • Like
Reactions: nlaruelle

horizon2021

Active Member
Jan 31, 2021
41
3
8
USA
cPanel Access Level
Root Administrator
I've now had the hostname ssl cert renew on 3 servers with the new cpanel provided 90-day hostname cert, and none of them has sent an email regarding the new hostname cert being installed. All of them had the cpanel store temporarily unavailable error email sent several days in a row this time though until they finally completed this time (before I got no error emails and one success email per server when a new cert was installed.)

The last hostname SSL certificate email I got was in March of 2021 "Your free cPanel-signed hostname SSL certificate for <hostname> is available" and this was for a 1-year hostname cert.
 

noox

Active Member
Mar 19, 2003
41
5
158
cPanel Access Level
Root Administrator
I got the same error mails for 3 days in a row now on my WHHM DNSOnly server. Is there something special to consider (as there is no AutoSSL) or should a just wait for a couple of days?
I'm on v100.0.9
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,780
1,872
363
cPanel Access Level
Root Administrator
@horizon2021 - I confirmed the hostname SSL renewals are no longer sending that notification. I reached out to the team through case CPANEL-40040 to have them check and see if this is intended behavior (reduced noise since this happens every 90 days) or something that needs to be addressed. I'll be sure to post as I hear more on the issue.
 
  • Like
Reactions: horizon2021

vagmor

Registered
Mar 13, 2022
2
0
1
Athens
cPanel Access Level
Root Administrator
hello it has been more than a week that keeps failing to get new SSL for my dns only server...

and when i run /usr/local/cpanel/bin/checkallsslcerts i get this error


The system will check for the certificate for the “cpanel†service.
The system will attempt to verify that the certificate for the “cpanel†service is still valid using OCSP (Online Certificate Status Protocol).
The “cpanel†service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “cpanel†service and any other services that use the old certificate.
The system will attempt to install a certificate for the “cpanel†service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel†service.
The system will attempt to install a certificate for the “cpanel†service from the cPanel store.
Setting up HTTP DCV (/usr/local/apache/htdocs/.well-known/pki-validation/F381A61B1D3A65F475DEC4466303391F.txt) …
… complete.
Setting up DNS DCV for “ns2.****.gr†…
… complete.

Attempting DNS DCV preflight checks …
ns2.***.gr: DNS DCV OK
www.ns2.****.gr: DNS DCV OK
mail.ns2.***.gr: DNS DCV OK
cpanel.ns2.****.gr: DNS DCV OK
webmail.ns2.***.gr: DNS DCV OK
whm.ns2.****.gr: DNS DCV OK
cpcalendars.ns2.****.gr: DNS DCV OK
cpcontacts.ns2.****.gr: DNS DCV OK
Succeeded domains: 8
Failed domains: 0
Requesting certificate from cPStore …
The response to the HTTP (Hypertext Transfer Protocol) “POST†request from “https://store.cpanel.net/json-api/ssl/certificate/whm-license/90-day†indicated an error (504, Gateway Time-out): <html><body><h1>504 Gateway Tim…
Undoing HTTP DCV setup (/usr/local/apache/htdocs/.well-known/pki-validation/F381A61B1D3A65F475DEC4466303391F.txt) …
… complete.
Enqueueing undo of DNS DCV setup (CNAME _f381a61b1d3a65f475dec4466303391f.ns2.****.gr) …
Undoing DNS DCV setup …
… done.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID azjkyn) The response to the HTTP (Hypertext Transfer Protocol) “POST†request from “https://store.cpanel.net/json-api/ssl/certificate/whm-license/90-day†indicated an error (504, Gateway Time-out): <html><body><h1>504 Gateway Tim…
The system will check for the certificate for the “exim†service.
The system will attempt to verify that the certificate for the “exim†service is still valid using OCSP (Online Certificate Status Protocol).
The “exim†service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “exim†service and any other services that use the old certificate.
The system will attempt to install a certificate for the “exim†service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim†service.
 

vagmor

Registered
Mar 13, 2022
2
0
1
Athens
cPanel Access Level
Root Administrator
@vagmor - that seems like a different error than the original subject of this thread. Can you try temporarily disabling the firewall on your server and then running the "/usr/local/cpanel/bin/checkallsslcerts" command to see if that gets the SSL installed?
yes it seems it was csf firewall... but i have the same type of setup for years... why it happened now? maybe you have some ips i should whitelist??
 

Gürsoy Koç

Registered
Nov 10, 2015
2
0
51
Turkey
cPanel Access Level
Root Administrator

PPNSteve

Well-Known Member
Mar 13, 2003
422
9
168
Somewhere in Ilex Forest
cPanel Access Level
Root Administrator
Twitter
Just want to give this thread a little bump.. It's been happening on our servers as well since the last week of May 2022. Got service domains about to expire June 26th.... no renewing.

Anyone get it resolved or do we just wait for cPanel and Sectigo to get their $h!t together?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,780
1,872
363
cPanel Access Level
Root Administrator
@PPNSteve - you're likely experiencing this issue:


which Sectigo hasn't been able to resolve completely.
 

grindlay

Well-Known Member
Dec 8, 2004
58
5
158
Edinburgh, Scotland
cPanel Access Level
Root Administrator
I hit this issue this week, my cert renewal is scheduled for 23:45 UTC. Four consecutive failures with:
" The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later. "
I run CSF but I have the Sectigo IPs in the allow-list (double-checked) and ports 53 (TCP & UDP) and port 80 (TCP) were all open.
I solved by running:
/usr/local/cpanel/bin/checkallsslcerts
at 12pm on a Sunday, the renewal proceeded without a hitch.
I wonder if Sectigo servers are getting overloaded or if there is maintenance going on?
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
279
51
78
UK
cPanel Access Level
Root Administrator
Hi I'm trying to set up a VPS and keep getting for the last day or so

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID jzu9un) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.

Why can't we choose Let's Encrypt for hostnames?