Skip to main content

The cPanel Store returned an error (X::TemporarilyUnavailable)

Comments

69 comments

  • Steini Petur
    Hi, It's just a temporary issue somewhat check my reply
    0
  • ljj3
    Happened again last night.... What is the manual workaround?
    0
  • ljj3
    Happened again last night.... What is the manual workaround?

    Ok - the 30/3 day service cert issue.... Perform all 3 commands if it fails or just the last one?
    0
  • cPRex Jurassic Moderator
    As @Steini Petur mentioned, there are known issues with the Sectigo network at this time. We're hoping they fix it soon, but I don't have any other updates to provide on my end.
    0
  • ljj3
    mine expire at midnight - so should I start pounding away or wait till evening when load is lighter?
    0
  • cPRex Jurassic Moderator
    @ljj3 - if they are domain SSLs, you can switch to Let's Encrypt. If its the hostname SSL, I can only recommend continuing to try.
    0
  • ljj3
    @ljj3 - if they are domain SSLs, you can switch to Let's Encrypt. If its the hostname SSL, I can only recommend continuing to try.

    yep - service ssl - we use LE on domains.....
    0
  • kgs
    We're getting this, too. Second day in a row. The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID 7hru39) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day": We were unable to process your request. Please try again later.
    0
  • ljj3
    Just try manually - third time it worked....
    0
  • kgs
    Thanks @ljj3 Can you provide the steps for doing this manually?
    0
  • cPRex Jurassic Moderator
    You can run AutoSSL manually through WHM >> Manage AutoSSL for each user, or you can run the /usr/local/cpanel/bin/autossl_check command with either of these two options: /usr/local/cpanel/bin/autossl_check --username OR /usr/local/cpanel/bin/autossl_check --all
    0
  • kgs
    Thank you @cPRex Perhaps I'm not understanding the warning, then. For the past 2 days, the server has sent me an email with the warning I posted earlier. "The system failed to acquire a signed certificate from the cPanel Store" etc. However, for the last 2 days, when I check the AutoSSL logs in WHM, there are logs there with timestamps more than 6 hours after the email warnings, and the log is filled with success TLS statuses. (As far as I can tell, the only ones that are on-error are for domains no longer on the server, which should be removed.) So, what does all that mean? Thanks!
    0
  • cPRex Jurassic Moderator
    @kgs - at this point we'd need to examine the server directly to get more details. I'd hate to guess on the cause and further add confusion. Could you submit a ticket to our team and then post the number here so I can follow along?
    0
  • kgs
    Thanks @cPRex. I did not get the email warning this morning, so it appears to have resolved itself. I'll circle back if I start seeing issues again.
    0
  • kgs
    Hey @cPRex we got that email warning again. I noticed that our server's main certificate expires on Feb 25, 2022. Could that be the certificate the server is trying to renew? How far in advance does the server try to renew that certificate? Anyway, I opened a ticket as you suggested. #94413175 Thanks!
    0
  • cPRex Jurassic Moderator
    @kgs - yes, if it's the hostname certificate that is not something that would be fixed by switching to Let's Encrypt. I'm following along with that ticket on my end as well now.
    0
  • cPRex Jurassic Moderator
    I see that our support team was able to resolve this issue by moving the /var/cpanel/hostname_cert_csrs directory out of the way and then requesting a new certificate.
    0
  • horizon2021
    I'm also seeing this behavior on a server 5-days in a row now during the nightly cron the same as the first post: The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day
    0
  • Reado
    AutoSSL is failing and some of our SSL certificates have now expired as a result! This error appears in the AutoSSL logs for the domains that have expired: "The response to the HTTP (Hypertext Transfer Protocol) "POST" request from " indicated an error (500, Internal Server Error):
    0
  • cPRex Jurassic Moderator
    Update - the hostname certificate issue has been resolved in versions 100.0.8. This was already fixed in all versions of 102. @Reado - the issues you're seeing are related to the Sectigo issues being discussed here:
    0
  • horizon2021
    I'm also seeing this behavior on a server 5-days in a row now during the nightly cron the same as the first post: The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day

    After 5 or so nights, this server updated its hostname certificate now. One thing I noticed is that before WHM would send an email "your new hostname certificate has been issued" and this time, it did not send any such email. I liked it sending that email so that when I found the cert different, I knew it was an intentional change.
    0
  • cPRex Jurassic Moderator
    Hmmmm I'm not aware of any changes to the notification system. Do you see any evidence of it trying to send that if you use this search in the Exim logs? grep -i certificate /var/log/exim_mainlog | grep -v mismatch
    0
  • horizon2021
    I've now had the hostname ssl cert renew on 3 servers with the new cpanel provided 90-day hostname cert, and none of them has sent an email regarding the new hostname cert being installed. All of them had the cpanel store temporarily unavailable error email sent several days in a row this time though until they finally completed this time (before I got no error emails and one success email per server when a new cert was installed.) The last hostname SSL certificate email I got was in March of 2021 "Your free cPanel-signed hostname SSL certificate for is available" and this was for a 1-year hostname cert.
    0
  • noox
    I got the same error mails for 3 days in a row now on my WHHM DNSOnly server. Is there something special to consider (as there is no AutoSSL) or should a just wait for a couple of days? I'm on v100.0.9
    0
  • noox
    It failed today the 5th time on my WHM DNSOnly server. This time I noticed the hint in the mail: [QUOTE]This notice is the result of a request from "/usr/local/cpanel/bin/checkallsslcerts".
    So I executed this manually. Finally it worked.
    0
  • cPRex Jurassic Moderator
    @horizon2021 - I confirmed the hostname SSL renewals are no longer sending that notification. I reached out to the team through case CPANEL-40040 to have them check and see if this is intended behavior (reduced noise since this happens every 90 days) or something that needs to be addressed. I'll be sure to post as I hear more on the issue.
    0
  • vagmor
    hello it has been more than a week that keeps failing to get new SSL for my dns only server... and when i run /usr/local/cpanel/bin/checkallsslcerts i get this error The system will check for the certificate for the "cpanel"" service. The system will attempt to verify that the certificate for the "cpanel"" service is still valid using OCSP (Online Certificate Status Protocol). The "cpanel"" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "cpanel"" service and any other services that use the old certificate. The system will attempt to install a certificate for the "cpanel"" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel"" service. The system will attempt to install a certificate for the "cpanel"" service from the cPanel store. Setting up HTTP DCV (/usr/local/apache/htdocs/.well-known/pki-validation/F381A61B1D3A65F475DEC4466303391F.txt) " " complete. Setting up DNS DCV for "ns2.****.gr"" " " complete. Attempting DNS DCV preflight checks " ns2.***.gr: DNS DCV OK indicated an error (504, Gateway Time-out):

    504 Gateway Tim" Undoing HTTP DCV setup (/usr/local/apache/htdocs/.well-known/pki-validation/F381A61B1D3A65F475DEC4466303391F.txt) " " complete. Enqueueing undo of DNS DCV setup (CNAME _f381a61b1d3a65f475dec4466303391f.ns2.****.gr) " Undoing DNS DCV setup " " done. [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID azjkyn) The response to the HTTP (Hypertext Transfer Protocol) "POST"" request from " indicated an error (504, Gateway Time-out):

    504 Gateway Tim" The system will check for the certificate for the "exim"" service. The system will attempt to verify that the certificate for the "exim"" service is still valid using OCSP (Online Certificate Status Protocol). The "exim"" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "exim"" service and any other services that use the old certificate. The system will attempt to install a certificate for the "exim"" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim"" service.

    0
  • cPRex Jurassic Moderator
    @vagmor - that seems like a different error than the original subject of this thread. Can you try temporarily disabling the firewall on your server and then running the "/usr/local/cpanel/bin/checkallsslcerts" command to see if that gets the SSL installed?
    0
  • vagmor
    @vagmor - that seems like a different error than the original subject of this thread. Can you try temporarily disabling the firewall on your server and then running the "/usr/local/cpanel/bin/checkallsslcerts" command to see if that gets the SSL installed?

    yes it seems it was csf firewall... but i have the same type of setup for years... why it happened now? maybe you have some ips i should whitelist??
    0
  • cPRex Jurassic Moderator
    We do have a list of Sectigo IPs here that you can add to the whitelist on the server:
    0

Please sign in to leave a comment.