None of the certificates in the system ssl storage were acceptable to use for the cpanel service.
Hi,
I already read all similar threads on forum,but no luck so far.
Currently I have root (hostname) certificate expiring (will expire in 17 days).
I try renewing with /usr/local/cpanel/bin/checkallsslcerts but no luck.
Can you help somehow ?
The system will check for the certificate for the "cpanel" service.
The system will attempt to verify that the certificate for the "cpanel" service is still valid using OCSP (Online Certificate Status Protocol).
The "cpanel" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "cpanel" service and any other services that use the old certificate.
The system will attempt to install a certificate for the "cpanel" service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the "cpanel" service.
The system will attempt to install a certificate for the "cpanel" service from the cPanel store.
The system will check for the certificate for the "dovecot" service.
The system will attempt to verify that the certificate for the "dovecot" service is still valid using OCSP (Online Certificate Status Protocol).
The "dovecot" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "dovecot" service and any other services that use the old certificate.
The system will attempt to install a certificate for the "dovecot" service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the "dovecot" service.
The system will check for the certificate for the "exim" service.
The system will attempt to verify that the certificate for the "exim" service is still valid using OCSP (Online Certificate Status Protocol).
The "exim" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "exim" service and any other services that use the old certificate.
The system will attempt to install a certificate for the "exim" service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the "exim" service.
The system will check for the certificate for the "ftp" service.
The system will attempt to replace the self-signed certificate for the "ftp" service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the "ftp" service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the "ftp" service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that "/usr/local/cpanel/bin/checkallsslcerts" runs.
Can you help somehow ?
-
How long ago did you request the certificate initially? (i.e., how long has it been processing?) Does the hostname resolve to the server? Do you have any apache includes that include customizations which would affect the hostname? 0 -
12-14 hours from now. Yes, hostname is resolving to correct IP No, I do not have any customizations in includes 0 -
It sounds as though there's an issue with the processing of the certificate, in this case, because I am limited to what I can look into on the forums I'd suggest you open a ticket with us to have it investigated further. When you do open the ticket please update here with the Ticket ID and we'll update this thread with the outcome when available. Thanks! 0 -
Support Request ID is: 13710161 0 -
Hello, I found this to be related to a CAA record in place for letsencrypt. In order to resolve this so that you'll be able to obtain a hostname certificate for the server you'll need to remove the CAA record for letsencrypt.org or modify it for Sectigo. [root@server ~]# dig CAA nosolutions.rs +short 128 issue "letsencrypt.org"
Sectigo will accept the following per0 -
I ran this command:
mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -vThen this one:
/usr/local/cpanel/bin/checkallsslcerts
And it finally rechecked and reissued!
0
Please sign in to leave a comment.
Comments
6 comments