Symptoms
AutoSSL shows the following error while trying to request a new SSL certificate:
No key ID has been set. Either pass “key_id” to new(), or create_account().
Description
This issue is caused because your firewall blocks the connection for Let's Encrypt to communicate with acme-v02.api.letsencrypt.org.
Workaround
First you need to check the /usr/local/cpanel/logs/error_log file. You can use the following grep command to filter down the error log.
grep -A2 "Net::ACME2::X::HTTP::Network:" /usr/local/cpanel/logs/error_log
This command will shows you the follwing error:
warn [xml-api] Net::ACME2::LetsEncrypt->get_terms_of_service(): Net::ACME2::X::HTTP::Network: The system failed to send an HTTP “GET” request to “https://acme-v02.api.letsencrypt.org/directory” because of an error: Cpanel::Exception::Timeout/(XID 3bkkcq)
at /var/cpanel/perl/Cpanel/SSL/Auto/Provider/LetsEncrypt/ToSCache.pm line 89.
Cpanel::SSL::Auto::Provider::LetsEncrypt::ToSCache::__ANON__(__CPANEL_HIDDEN__) called at /usr/local/cpanel/3rdparty/perl/532/lib/perl5/cpanel_lib/IO/Socket/IP.pm line 751
As you can see the error log shows that the Letsencrypt client is unable to contact with the API server because it gets a timeout.
Your firewall configuration probably causes this timeout.
To confirm that the issue is caused by your firewall, please execute the following command:
curl -vsIL https://acme-v02.api.letsencrypt.org/directory
If you get back the follwing response:
curl -vsIL https://acme-v02.api.letsencrypt.org/directory
* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
* Trying 172.65.32.248...
It means that the server is unable to communicate with the API server.
To solve the issue, please check your firewall settings and make sure that port 443 is also enabled that.
https://acme-v02.api.letsencrypt.org
Is reachable from your server.