CPANEL-41463 - Sectigo not accepting one-off requests
G'day Team,
Our servers are receiving the following response when trying to generate one-off certificates for new sites...
The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later.
Does anyone know if this is related to...
Thanks for any info available.
Best regards,
LBJ
-
Please guys, seriously, you should explore another alternatives, another external provider, suitable to replace Sectigo...
I really want to comment, but I just can't quite yet. Let's just go with "every option is being explored"0 -
Ok, maybe the cPanel owners should purchase Sectigo to enforce some good working :-) I bet you didn't explore this one, lol. 0 -
You're right, that one has not come up! 0 -
Hello, Looks like AutoSSL is not able to renew a couple of the domains installed on cpanel. Due to company policy, using random domain in the below error message [QUOTE]AutoSSL failed to request an SSL certificate for "example.com" because of an error: (XID vrgmxf) The response to the HTTP (Hypertext Transfer Protocol) "POST" request from " indicated an error (500, Internal Server Error): because of an error: (XID fpt9cp) The response to the HTTP (Hypertext Transfer Protocol) "POST" request from " indicated an error (504, Gateway Timeout): 504 Gateway Tim
2nd try gave different error [QUOTE]AutoSSL failed to request an SSL certificate for "example.com" because of an error: (XID 4fy4r2) The cPanel Store returned an error (X::UnknownError) in response to the request "POST ssl/certificate/free": Service Unavailable
How to fix this issue as both the domains are live. Any help would be appreciated. Thanks.0 -
Hi, we have a same problem as @jazee. Once in a while certificate expires because it wasn't automatically renewed. The problem is that we have no idea about that because there is no warning notification (e-mail) and we only find out when a client reports a problem, and that's always a bad option. I can understand that there is a problem with Sectigo, but can we at least receive some notification 24-48h before certificate expires? So that we can manually renew it. Example: WARN Certificate expiry: 11/1/22, 12:00 AM UTC (6.96 days from now) Attempting to ensure the existence of necessary CAA records " No CAA records were created. Verifying 3 domains" management status " ... Verifying "cPanel (powered by Sectigo)""s authorization on 3 domains via DNS CAA records " "cPanel (powered by Sectigo)" is authorized to issue certificates for 3 of this user"s 3 domains. Administrator Notifications Notify the administrator for all AutoSSL events and normal successes. - checked Certificate is not renewed and there is no notification. This way we have to manually control all cert expire dates which is a little "stone age" option. Any advice? Or solution? 0 -
@zodiac9797 - you should definitely be getting a notification if they failed to renew. Inside WHM >> Contact Manager, are all the AutoSSL settings set to a priority that will trigger an email notification? 0 -
@zodiac9797 - you should definitely be getting a notification if they failed to renew. Inside WHM >> Contact Manager, are all the AutoSSL settings set to a priority that will trigger an email notification?
@cPRex notifications are ok, just checked again to be sure and everything is ok under WHM >> Contact Manager... I do receive notification when a SSL cert is successfully installed "AutoSSL has installed a certificate successfully.". I think that the problem is that there is no (available) notification in a case of AutoSSL cert failed installation because of Sectigo failed to do so (for various reasons). We have all kinds of notifications: 1. AutoSSL cannot request a certificate because all of the website"s domains have failed DCV (Domain Control Validation). 2. AutoSSL has deferred normal certificate renewal because a domain on the current certificate has failed DCV (Domain Control Validation). 3. AutoSSL has installed a certificate successfully. 4. AutoSSL has provisioned a new certificate for a dynamic DNS domain. 5. AutoSSL has renewed a certificate, but the new certificate lacks at least one domain that the previous certificate secured. 6. AutoSSL has renewed a certificate, but the new certificate lacks one or more of the website"s domains. 7. AutoSSL will not secure new domains because a domain on the current certificate has failed DCV (Domain Control Validation), and the certificate is not yet in the renewal period. As you can see there is no notification in a case where DCV and everything else is ok but the Sectigo doesn't issue a certificate. I am following couple of certs that will expire on 1st of November and every day I can see in AutoSSL log ""cPanel (powered by Sectigo)" is authorized to issue certificates for 3 of this user"s 3 domains." but the certificate is not renewed. It will go on like this for days and if Sectigo fails to issue a cert we will not receive any warning or notification. Under WHM >> Contact Manager we need a notification when everything is ok on our side (DCV and other conditions) "AutoSSL certificate will expire in 24h (or 48h)", this way we can login to server and manually check certificate and try to renew it.0 -
What specific error is happening during the renewal process that is keeping Sectigo from issuing the certificate? 0 -
What specific error is happening during the renewal process that is keeping Sectigo from issuing the certificate?
There is no error, at least not on our (WHM) side. I don't know if there is an error at Sectigo. Example: 3:00:28 AM Analyzing "some-domain-name""s domains " 3:00:28 AM Analyzing "some-domain-name" (website) " 3:00:28 AM TLS Status: Ready for Renewal WARN Certificate expiry: 11/1/22, 12:00 AM UTC (3.96 days from now) 3:00:28 AM Attempting to ensure the existence of necessary CAA records " 3:00:28 AM No CAA records were created. 3:00:28 AM Verifying 3 domains" management status " Verifying "cPanel (powered by Sectigo)""s authorization on 3 domains via DNS CAA records " 3:00:28 AM CA authorized: "some-domain-name" CA authorized: "www.some-domain-name" "www.some-domain-name" is managed. "mail.some-domain-name" is managed. "some-domain-name" is managed. All of this user"s 3 domains are managed. CA authorized: "mail.some-domain-name" "cPanel (powered by Sectigo)" is authorized to issue certificates for 3 of this user"s 3 domains. 3:00:28 AM Performing HTTP DCV (Domain Control Validation) on 3 domains " 3:00:28 AM Local HTTP DCV OK: some-domain-name Local HTTP DCV OK: www.some-domain-name Local HTTP DCV OK: mail.some-domain-name 3:00:28 AM No local DNS DCV is necessary. Tomorrow it will be the same except the warning will be "2.96 days from now" and it will go on till certificate expires.0 -
That's definitely odd - could you create a ticket with our team on this issue so we can see this in action? 0 -
: ( going on 2 Years with : The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later. 0 -
@itwolfy - have you tried switching to Let's Encrypt? 0 -
That's definitely odd - could you create a ticket with our team on this issue so we can see this in action?
That would require cPanel team access to our servers? I prefer to avoid that, but I can provide all the data that they need (logs, etc.). My question is, is it possible to receive notification when certificate is not renewed and will expire in 24h or 0h, and Sectigo returns this "cPanel (powered by Sectigo)" is authorized to issue certificates for 3 of this user"s 3 domains." instead of an error?0 -
No, there wouldn't be any type of notification for that since that isn't the end of the output. Do you eventually get the "The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later" message? 0 -
No, there wouldn't be any type of notification for that since that isn't the end of the output. Do you eventually get the "The "cPanel (powered by Sectigo)" provider cannot currently accept incoming requests. The system will try again later" message?
Yes, but no e-mail notification that the certificate wasn't renewed.0 -
Thanks for the confirmation. We have a recent case about this under CPANEL-41463 where certificates that are processed by delayed do not send any notification. Our team is working on that and I'll be sure to post a reply to this thread once I have more details. 0 -
Thanks for the confirmation. We have a recent case about this under CPANEL-41463 where certificates that are processed by delayed do not send any notification. Our team is working on that and I'll be sure to post a reply to this thread once I have more details.
Great, thank you! :)0
Please sign in to leave a comment.
Comments
48 comments