CPANEL-41463 - Sectigo not accepting one-off requests
G'day Team,
Our servers are receiving the following response when trying to generate one-off certificates for new sites...
The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later.
Does anyone know if this is related to...
Thanks for any info available.
Best regards,
LBJ
-
Just an update... After a few hours, Sectigo began processing again, but queued requests were not processed and required another request. Their status page showed everything as running smoothly at all times. I'm guessing they don't bother updating that page frequently. Best regards, LBJ 0 -
Unfortunately in the past 2 weeks the service is bumpy...... :( 0 -
I'm glad it's working now! Please let us know if you run into further issues. 0 -
Same thing here today: The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. 0 -
These days Sectigo Servers are in busy :D I had to click RUN button in each hour to install a certificate last few days. 0 -
Hi We receive a lot of "The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again late". This is a big issue because on new accounts the time to receive a cert is not predictable. @cpanel: can you resolve this issue with sectigo? Or does any other know a workaround? Best regards, Roland 0 -
Hi We receive a lot of "The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again late". This is a big issue because on new accounts the time to receive a cert is not predictable. @cpanel: can you resolve this issue with sectigo? Or does any other know a workaround? Best regards, Roland
Are you still having issues? If so, can you please open a ticket using the link in my signature and provide me with the ID?0 -
I'm having issues today too: The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later. This has affected my mail.domain.com from being able to operate. Is there a fix available ? 0 -
Same thing happenning here. Sectigo became far too intermitent and lately it is not working for a couple hours a day. I had to issue certs using Let's Encrypt, which works like a breeze. Please fix the Sectigo feature.. 0 -
I'm having issues today too: The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later. This has affected my mail.domain.com from being able to operate. Is there a fix available ?
Are you still having issues? Do you still have problems on sectigo, and if so, can you try Let's Encrypt and let me know if issues persist?0 -
Are you still having issues? Do you still have problems on sectigo, and if so, can you try Let's Encrypt and let me know if issues persist?
As of just now Australian time... " 3:19:26 PM The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later." Once again there is no mention of the problem on their status page...0 -
Would you be able to open a ticket using the link in my signature or by asking your web hosting provider to do one? We would be more than happy to take a look into the specific Sectigo issues causing these AutoSSL problems for your host.
G'day cPanelAnthony, Thank you for the offer, but you really don't need access to one of our servers for this issue. It's simply a continuing but intermittent issue with the Sectigo service. If you just set up a live and active cPanel system and monitor it regularly for failed certificate requests, you're sure to see the same issue as all the above cPanel clients have encountered and reported. When it occurs on one server, the issue is present on all servers over multiple data centers. With no corrective action or changes on the cPanel boxes, the Sectigo service will eventually come back online after anywhere between 15 minutes and a couple of hours. It's obviously most noticeable when new accounts are created during the day and an ad-hoc request is made to Sectigo for the new account. Best regards, LBJ0 -
I'm having the same issue on a newly created account. I keep getting the message in the logs: "The provider "cPanel (powered by Sectigo)" cannot currently accept incoming requests. The system will try again later." I had tried a few days ago and was seeing the same thing. Is there a work around or what is everyone suppose to do who is experiencing this? 0 -
What are the steps to switch to Let's Encrypt? And why not just use Let's Encrypt anyway? Is Sectigo a cPanel company? 0 -
Hi @WorkinOnIt, Sectigo(formerly Comodo CA) is not a cPanel owned company. "cPanel (powered by Sectigo)" is the cPanel's default SSL provider. The one that ships with cPanel. cPanel provides an official installation script for Let's Encrypt", and you can install this third-party AutoSSL provider if needed: Let's Encrypt can issue certificates faster, and there are few other benefits over the "cPanel (powered by Sectigo)" provider. However, Let's Encrypt imposes significant rate and domain limits, unlike the default provider. So, review the rate limits before you consider switching: Certificate Issuing Platform Scheduled Maintenance on Saturday, January 15, 2022; 23:59 UTC. Let's hope they will fix all issues with that scheduled maintenance. So, I'd recommend you wait until that before considering other options. 0 -
I'm getting this issue 22 Jan, 2022 around 10pm eastern time. 0 -
I solved this by uninstalling cPanel SSL via Sectigo and installing Let's Encrypt. LE installed all of the SSL certs immediately. Problem solved - hopefully no issues come up ;-) 0 -
Now nice... Any news on "provider cannot currently accept incoming requests" This service is the only reason why I kept cPanel, right! Log for the AutoSSL run for "basesnet": Wednesday, February 16, 2022 11:39:37 PM GMT-0500 (cPanel (powered by Sectigo)) 11:39:37 PM AutoSSL"s configured provider is "cPanel (powered by Sectigo)". This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log. Analyzing "basesnet""s domains " 11:39:37 PM Analyzing "baseballsales.net" (website) " 11:39:37 PM ERROR TLS Status: Defective ERROR Certificate expiry: 2/17/22, 12:00 AM UTC (0.19 days ago) ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (0:10:CERT_HAS_EXPIRED). 11:39:37 PM Attempting to ensure the existence of necessary CAA records " 11:39:37 PM No CAA records were created. 11:39:37 PM Verifying 3 domains" management status " Verifying "cPanel (powered by Sectigo)""s authorization on 3 domains via DNS CAA records " 11:39:38 PM "mail.baseballsales.net" is managed. "www.baseballsales.net" is managed. "baseballsales.net" is managed. All of this user"s 3 domains are managed. CA authorized: "baseballsales.net" CA authorized: "mail.baseballsales.net" CA authorized: "www.baseballsales.net" "cPanel (powered by Sectigo)" is authorized to issue certificates for 3 of this user"s 3 domains. 11:39:38 PM Performing HTTP DCV (Domain Control Validation) on 3 domains " 11:39:38 PM Local HTTP DCV OK: baseballsales.net Local HTTP DCV OK: www.baseballsales.net Local HTTP DCV OK: mail.baseballsales.net 11:39:38 PM No local DNS DCV is necessary. 11:39:38 PM Processing "basesnet""s local DCV results " 11:39:38 PM Analyzing "baseballsales.net""s DCV results " 11:39:38 PM AutoSSL will request a new certificate. 11:39:38 PM The system will attempt to renew the SSL certificate for (baseballsales.net: baseballsales.net www.baseballsales.net mail.baseballsales.net). 11:39:40 PM The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later. The system has completed "basesnet""s AutoSSL check. 0 -
Yes, it becomes annoying several times a week. I just switched back to Let's Encrypt on some servers and it works far better. To those customers needing SSL compatibilty on old devices, I simply warned that the free Sectigo service is intermitent and may fail.. at any given time. So I now have servers with Let's Encrypt for modern sites, and servers with Sectigo for the oldies. 0 -
I'm having this issue with one of our customers on multiple servers with multiple domains. These are existing domains having SSLs that are not renewing within the expiration date and the sites are failing to have an SSL because it doesn't renew before the 15 days of expiry /var/cpanel/logs/autossl grep "provider cannot currently accept incoming requests" 2022-04-*/txt | cut -d: -f1 | uniq -c 21 2022-04-02T02 37 2022-04-03T02 52 2022-04-04T02 58 2022-04-05T02 63 2022-04-06T02 67 2022-04-07T02 71 2022-04-08T02 69 2022-04-09T02 67 2022-04-10T02 59 2022-04-11T02 55 2022-04-12T02 55 2022-04-13T02 53 2022-04-14T02 59 2022-04-15T02 Looks to have started this month at least was considerably elevated as last month not as many grep "provider cannot currently accept incoming requests" 2022-03-*/txt | cut -d: -f1 | uniq -c | tail -4 1 2022-03-27T02 1 2022-03-28T02 Sectigo AutoSSL has been consistently inconsistent for at least the few months and seems that if you simply manually renew it works most times. That's what this customer has seen and I've seen this with it simply not working and this error wasn't seen just that it will be issued but never is. I gathered the domain names that were having issues and found that the same domains had the same issue up to 22 times grep -B1 "provider cannot currently accept incoming requests" 2022-04-*/txt | grep renew | cut -d: -f6- | awk '{print $1}' > /home/temp/ssldomainissues sort /home/temp/ckulpa.10399843 | uniq -c | sort -rn | head | awk '{print $1}' 22 20 19 19 18 18 18 17 17 16 sort /home/temp/ckulpa.10399843 | uniq -c | sort -rn | wc -l 193 over 190 different domains. which of course, if the domain is within 15 days of expiring then. I just tried to renew one of the domains manually and it failed many do renew. 0 -
@chalupa - the best thing is to switch to Let's Encrypt as long as their limits aren't too strict for your needs. 0 -
Ok, no real investigation about why this is actually happening I take it? 0 -
@chalupa - we know exactly why it's happening - Sectigo can't handle the traffic they are receiving. They just aren't fixing things on their end. 0 -
@chalupa - we know exactly why it's happening - Sectigo can't handle the traffic they are receiving. They just aren't fixing things on their end.
Ah shoot. Ok. Yeah I mean, if it failed for a few days and then was ok and clients weren't left without coverage it wouldn't be a big problem but it's unfortunate this service isn't being propped up. Thanks.0 -
I am still getting this issue. I am switching to Let's Encrypt for the domains that fail, but then I switch back inside the Manage SSL Hosts section, because I am also using the Sectigo cpanel service to renew hostnames ssl etc.... My understanding that cpanel does not allow that with Let's Encrypt. Is there a particular reason why not? Could we not just ditch sectigo altogether.... it seems their service is wholly unreliable.... 0 -
@jazee - I see you posted this response in another thread as well, but the issues with Sectigo our outside of our control when they are overloaded. 0 -
@jazee - I see you posted this response in another thread as well, but the issues with Sectigo our outside of our control when they are overloaded.
Hi there. The real issue is that this Sectigo service is... well, horrible. The only reason for us to still support it is because it makes the websites compatible with old browsers. Other than that, Let's Encrypt is stunningly better. Please guys, seriously, you should explore another alternatives, another external provider, suitable to replace Sectigo...0
Please sign in to leave a comment.
Comments
48 comments