Skip to main content

The system could not fetch the TIERS file

Bill Bailey
  • Updated

Symptoms

 

When attempting to install cPanel you receive the following notice, and the installation fails:

(DEBUG): Retrieving http://httpupdate.cpanel.net/cpanelsync/TIERS to the TIERS file... 
(FATAL): The system could not fetch the TIERS file:

When attempting to reach the noted URL using curl it returns something similar to the following:

This transfer is blocked.

 

Description 

This occurs as a result of your Web Appliance Firewall (WAF), or other security appliance, blocking the requests. 

 

Workaround

There are two solutions to this behavior.

 

The first is to ensure that the IPs for httpupdate.cpanel.net are allowed access through your WAF or Security appliance. To obtain the most recent list of IPs execute the following commands from within your server:

dig +short httpupdate.cpanel.net


As an example, the following commands would whitelist all of the relevant IPs if you are running only iptables:

 

First, we create a new chain to manage these rules:

iptables -N httupdate-cPanel

 

Next, we whitelist the addresses for httupdate.cpanel.net

for address in $(dig +short httpupdate.cpanel.net|sort); do iptables -A httpupdate-cPanel -s $address -j ACCEPT; done

 

Finally, we confirm that the chain contains the list of addresses

iptables -nL httpupdate-cPanel

 

Which should return something similar to the following:

Chain httpupdate-cPanel (0 references)
target prot opt source destination 
ACCEPT all -- 103.252.152.1 0.0.0.0/0 
ACCEPT all -- 122.201.72.171 0.0.0.0/0 
ACCEPT all -- 159.253.142.50 0.0.0.0/0 
ACCEPT all -- 184.94.196.92 0.0.0.0/0 
ACCEPT all -- 184.94.196.93 0.0.0.0/0 
ACCEPT all -- 184.94.196.94 0.0.0.0/0 
ACCEPT all -- 204.10.37.146 0.0.0.0/0 
ACCEPT all -- 206.130.99.76 0.0.0.0/0 
ACCEPT all -- 208.100.0.204 0.0.0.0/0 
ACCEPT all -- 208.109.109.239 0.0.0.0/0 
ACCEPT all -- 208.43.129.162 0.0.0.0/0 
ACCEPT all -- 63.247.66.98 0.0.0.0/0 
ACCEPT all -- 66.23.237.210 0.0.0.0/0 
ACCEPT all -- 66.71.244.18 0.0.0.0/0 
ACCEPT all -- 67.205.110.4 0.0.0.0/0 
ACCEPT all -- 67.227.128.74 0.0.0.0/0 
ACCEPT all -- 69.73.140.17 0.0.0.0/0 
ACCEPT all -- 74.50.120.123 0.0.0.0/0 
ACCEPT all -- 83.170.94.2 0.0.0.0/0 
ACCEPT all -- 94.75.231.77 0.0.0.0/0

 

The second solution would be to disable the WAF or security appliance temporarily.

 

Once you have performed either of the above the operation that returned the above error will now complete successfully.

 

Related articles