Skip to main content

"The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests."

Comments

231 comments

  • [D_A]
    Well, I see same problems on many different cPanel servers with many customers daily. Installing letsencrypt is not the solution... Or should we try to change SSL provider couple of times per Year? (I know that LetsEncrypt has more issues usually that Comodo AutoSSL)... cPanel Team, any ETA on this Sectigo ratelimiting issue, as it seems to affect many of cPanel resellers and customers worldwide?
    0
  • PPNSteve
    Any idea on a resolution for this? Just had one of domains go down with many more to follow.
    0
  • Jheroen
    Here the same issue, it was always working perfectly until now, websites unsecure etc etc i don't want this
    0
  • TomKu
    Also affected and helpless. Switched to Let's Encrypt and got new cert instantly.
    0
  • cPRex Jurassic Moderator
    Sectigo still has not been able to resolve the issues on their end. The best thing to do at this point is to switch to Let's Encrypt. We're also looking into ways to mitigate this on our side, but haven't come up with any resolutions just yet.
    0
  • ITHKBO
    Sectigo still has not been able to resolve the issues on their end. The best thing to do at this point is to switch to Let's Encrypt. We're also looking into ways to mitigate this on our side, but haven't come up with any resolutions just yet.

    Rex, can we receive a case number to track this issue? We are in the process of possibly taking over 4000 new domains which for some miracle never received TLS treatment at there old provider. We are not looking forward to manually having to open tickets for all those certificates and being forced to switch to R3 Let's Encrypt for mitigation might also change the migration timing due to rate limits.
    0
  • cPRex Jurassic Moderator
    @ITHKBO - there is no case number since it's not a cPanel issue. It's completely up to Sectigo and their network.
    0
  • Jheroen
    @ITHKBO - there is no case number since it's not a cPanel issue. It's completely up to Sectigo and their network.

    Okay, i understand but as it is a Cpanel service imho you as company are involved; you get all the customers complaining about this.
    0
  • cPRex Jurassic Moderator
    Oh for sure, I completely agree. We're exploring options on our end too, both long and short term, which is why I'm keeping this thread updated. There isn't a case number though since development isn't involved as the current issues wouldn't be fixed with updates to the product. I'll definitely keep you guys updated as I find out more.
    0
  • ITHKBO
    Oh for sure, I completely agree. We're exploring options on our end too, both long and short term, which is why I'm keeping this thread updated. There isn't a case number though since development isn't involved as the current issues wouldn't be fixed with updates to the product. I'll definitely keep you guys updated as I find out more.

    Ok thank you for the quick answer. I have put the thread on my watchlist with notifications. Any steps we have to take note of when switching the X.509 cert providers from within Auto/SSL or should it be a press of a button. And I supose there is no way to force both providers as active and manually select which Auto/SSL provider is used per client? Hope this gets resolved very soon and that if it requires a update from cPanel this is also provided to STABLE 100.* series and not just to the upcoming 102.* RELEASE and newer.
    0
  • DKeen94
    Same issue being encountered here now, issue is only present on a couple of websites so far but we have a couple of hundred sites that we host. Hopefully Sectigo can fix this soon.
    0
  • Jheroen
    Any news about this? A connection that worked well for years and suddenly no longer should be traceable to who did what when it stopped working? More and more customers complaining about their certificates which means more work for us... Update: it seems to work again?
    0
  • cPRex Jurassic Moderator
    @Jheroen - we know exactly where the issue is, but it's on the Sectigo side of things. Unfortunately Sectigo doesn't seem to be handling this nearly as quickly as expected. For any users that won't get harmed by the lower rate limits, switching to Let's Encrypt is the best solution at this point.
    0
  • mvandemar
    @cPRex Is there a way to set different providers for different users, or is it an all or nothing deal? -Michael
    0
  • cPRex Jurassic Moderator
    @mvandemar - it's all or nothing.
    0
  • Jheroen
    Hmmm still not fixed this issue, customers keep complaining about this; sectigo :( What is the difference when pulling auto SSL for a user in WHM or in Cpanel? I started the task in WHM nothing happened, did the same in Cpanel: started immediately. When is this fixed so certificates will be automatic like it was?
    0
  • cPRex Jurassic Moderator
    @Jheroen - there isn't any difference between the two actions. Sectigo is still not fixing things on their end, so it's really luck of the draw if it works at this point.
    0
  • Jheroen
    @Jheroen - there isn't any difference between the two actions. Sectigo is still not fixing things on their end, so it's really luck of the draw if it works at this point.

    Thanks for your answer, we have to wait...
    0
  • tomsie1000
    Hi all, I have had a number of complaints from my users because of this. It's not clear how Sectigo are implementing their rate limiting, as positive responses to requests can be found buried between lots of failures. Once a cert request is accepted, it is serviced straight away. The major problem for me was that the /usr/local/cpanel/bin/autossl_check script does not attempt a retry of the certificate request, it just moves on to the next item. It deems certificates as "ready for replacement" when its expiry date is less than 15 days from "now". Being that by default, this script only runs once a day, I had sites that were not getting updated for certificates before expiry, meaning that they had consecutively failed over 15 days. I found that if you force-run the script for a specific user, I got a positive response about %50 of the time. Therefore, my workaround was to edit the crontab file at /etc/cron.d/cpanel_autossl and change it so it runs every hour - that is: 0 * * * * root /usr/local/cpanel/bin/autossl_check --all
    I also turned off AutoSSL emails to site owners to avoid them getting spammed. The script does implement a sort of exponential backoff when a request is successful and it is waiting for the corresponding certificate to be signed and ready for collection. This seems to work well - why not consider implementing the same mechanism for the initial certificate request as well? After all, Sectigo is saying "try again later", and "later" doesn't specifically have to be "tomorrow"
    0
  • adeyjones
    Hi guys, also having an issue here. For the past week or so, I have had emails each day from various clients of mine saying their websites are down. Their previous SSL was expiring that day and auto-SSL had not renewed. Manually requesting one does work in 95% of cases where a new SSL is assigned within a couple of minutes, but obviously I am not aware of this until I get the complaint, at which point I already have a disgruntled customer. Taken from the log this morning: 5:16:17 AM The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later. 5:16:21 AM The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later. The system has completed "surgerywebtemp""s AutoSSL check. As it says above, the system will try again later, except it doesn't, the complaint came 6 hours after this at which time I manually requested and resolved. But I expect this same issue again tomorrow, and the next day, and the next...
    0
  • barnabas
    Same issue here. Trying to migrate 50+ domains to new servers and unable to issue any AutoSSL for the past hour. This really slows thing down. 8:11:43 PM The system will attempt to renew the SSL certificate for ([xxx].[xxx].com: [xxx].[xxx].com www.[xxx].com). 8:11:44 PM The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later.
    Not sure what the point of including an Auto-SSL certificate process as a convenience when it clearly hasn't worked consistently for at least 6 months. Followed other users suggestion and installed Let's Go Encrypt. Worked with no issue.
    0
  • mvandemar
    @cPRex so is this still happening...? Is there communication between cpanel and Sectigo on this as far as when we might expect a resolution? -Michael
    0
  • cPRex Jurassic Moderator
    At this time we're exploring all of our options. That's as specific as I can be at this point with the details I have - sorry I can't say more just yet.
    0
  • ethical
    any update on this?
    0
  • garconcn
    At this time we're exploring all of our options. That's as specific as I can be at this point with the details I have - sorry I can't say more just yet.

    Was Sectigo asking cPanel to pay ssl per domain or increase the price?
    0
  • WorkinOnIt
    Also have been having the same issues with Sectigo. Some domains went down and mail failed due to insecure connections. Customers not happy. Have switched to Let's Encrypt . Big problem with Let's Encrypt: It does not cover the server host name or server mail etc - so beware people
    0
  • cPRex Jurassic Moderator
    I don't have any updates from my end yet. Keep using Let's Encrypt as much as you can for the time being, although I understand that doesn't take care of the hostnames.
    0
  • mvandemar
    @cPRex, would this also affect system ssl certificates? I am getting these emails now:
    The following cPanel service generated warnings from the checkallsslcerts script.
    ? cpanel
    The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID k4td5e) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day": We were unable to process your request. Please try again later.
    Also getting individual email warnings about ssl on dovecot, exim, ftp, and cpanel. Is this all related to the Sectigo issue? -Michael
    0
  • cPRex Jurassic Moderator
    Yes, even if you have switched to Let's Encrypt the hostname SSL still gets processed through Sectigo so it can result in those warnings.
    0
  • mvandemar
    Yes, even if you have switched to Let's Encrypt the hostname SSL still gets processed through Sectigo so it can result in those warnings.

    So the system ssl certs will just expire with no resolution and no workaround now? Seriously? -Michael
    0

Please sign in to leave a comment.