The cPanel Store returned an error (X::TemporarilyUnavailable)
On service cert renewal last night on 2 machines:
The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID yhjh8r) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day": We were unable to process your request. Please try again later.
-
Happened again last night.... What is the manual workaround? 0 -
Happened again last night.... What is the manual workaround?
Ok - the 30/3 day service cert issue.... Perform all 3 commands if it fails or just the last one?0 -
As @Steini Petur mentioned, there are known issues with the Sectigo network at this time. We're hoping they fix it soon, but I don't have any other updates to provide on my end. 0 -
mine expire at midnight - so should I start pounding away or wait till evening when load is lighter? 0 -
@ljj3 - if they are domain SSLs, you can switch to Let's Encrypt. If its the hostname SSL, I can only recommend continuing to try. 0 -
@ljj3 - if they are domain SSLs, you can switch to Let's Encrypt. If its the hostname SSL, I can only recommend continuing to try.
yep - service ssl - we use LE on domains.....0 -
We're getting this, too. Second day in a row. The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID 7hru39) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day": We were unable to process your request. Please try again later. 0 -
Just try manually - third time it worked.... 0 -
Thanks @ljj3 Can you provide the steps for doing this manually? 0 -
You can run AutoSSL manually through WHM >> Manage AutoSSL for each user, or you can run the /usr/local/cpanel/bin/autossl_check command with either of these two options: /usr/local/cpanel/bin/autossl_check --username OR /usr/local/cpanel/bin/autossl_check --all
0 -
Thank you @cPRex Perhaps I'm not understanding the warning, then. For the past 2 days, the server has sent me an email with the warning I posted earlier. "The system failed to acquire a signed certificate from the cPanel Store" etc. However, for the last 2 days, when I check the AutoSSL logs in WHM, there are logs there with timestamps more than 6 hours after the email warnings, and the log is filled with success TLS statuses. (As far as I can tell, the only ones that are on-error are for domains no longer on the server, which should be removed.) So, what does all that mean? Thanks! 0 -
@kgs - at this point we'd need to examine the server directly to get more details. I'd hate to guess on the cause and further add confusion. Could you submit a ticket to our team and then post the number here so I can follow along? 0 -
Thanks @cPRex. I did not get the email warning this morning, so it appears to have resolved itself. I'll circle back if I start seeing issues again. 0 -
Hey @cPRex we got that email warning again. I noticed that our server's main certificate expires on Feb 25, 2022. Could that be the certificate the server is trying to renew? How far in advance does the server try to renew that certificate? Anyway, I opened a ticket as you suggested. #94413175 Thanks! 0 -
@kgs - yes, if it's the hostname certificate that is not something that would be fixed by switching to Let's Encrypt. I'm following along with that ticket on my end as well now. 0 -
I see that our support team was able to resolve this issue by moving the /var/cpanel/hostname_cert_csrs directory out of the way and then requesting a new certificate. 0 -
I'm also seeing this behavior on a server 5-days in a row now during the nightly cron the same as the first post: The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day 0 -
AutoSSL is failing and some of our SSL certificates have now expired as a result! This error appears in the AutoSSL logs for the domains that have expired: "The response to the HTTP (Hypertext Transfer Protocol) "POST" request from " indicated an error (500, Internal Server Error): 0 -
I'm also seeing this behavior on a server 5-days in a row now during the nightly cron the same as the first post: The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day
After 5 or so nights, this server updated its hostname certificate now. One thing I noticed is that before WHM would send an email "your new hostname certificate has been issued" and this time, it did not send any such email. I liked it sending that email so that when I found the cert different, I knew it was an intentional change.0 -
Hmmmm I'm not aware of any changes to the notification system. Do you see any evidence of it trying to send that if you use this search in the Exim logs? grep -i certificate /var/log/exim_mainlog | grep -v mismatch
0 -
I've now had the hostname ssl cert renew on 3 servers with the new cpanel provided 90-day hostname cert, and none of them has sent an email regarding the new hostname cert being installed. All of them had the cpanel store temporarily unavailable error email sent several days in a row this time though until they finally completed this time (before I got no error emails and one success email per server when a new cert was installed.) The last hostname SSL certificate email I got was in March of 2021 "Your free cPanel-signed hostname SSL certificate for is available" and this was for a 1-year hostname cert. 0 -
I got the same error mails for 3 days in a row now on my WHHM DNSOnly server. Is there something special to consider (as there is no AutoSSL) or should a just wait for a couple of days? I'm on v100.0.9 0 -
It failed today the 5th time on my WHM DNSOnly server. This time I noticed the hint in the mail: [QUOTE]This notice is the result of a request from "/usr/local/cpanel/bin/checkallsslcerts".
So I executed this manually. Finally it worked.0 -
@horizon2021 - I confirmed the hostname SSL renewals are no longer sending that notification. I reached out to the team through case CPANEL-40040 to have them check and see if this is intended behavior (reduced noise since this happens every 90 days) or something that needs to be addressed. I'll be sure to post as I hear more on the issue. 0 -
hello it has been more than a week that keeps failing to get new SSL for my dns only server... and when i run /usr/local/cpanel/bin/checkallsslcerts i get this error The system will check for the certificate for the "cpanel"" service. The system will attempt to verify that the certificate for the "cpanel"" service is still valid using OCSP (Online Certificate Status Protocol). The "cpanel"" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "cpanel"" service and any other services that use the old certificate. The system will attempt to install a certificate for the "cpanel"" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel"" service. The system will attempt to install a certificate for the "cpanel"" service from the cPanel store. Setting up HTTP DCV (/usr/local/apache/htdocs/.well-known/pki-validation/F381A61B1D3A65F475DEC4466303391F.txt) " " complete. Setting up DNS DCV for "ns2.****.gr"" " " complete. Attempting DNS DCV preflight checks " ns2.***.gr: DNS DCV OK indicated an error (504, Gateway Time-out): 504 Gateway Tim" Undoing HTTP DCV setup (/usr/local/apache/htdocs/.well-known/pki-validation/F381A61B1D3A65F475DEC4466303391F.txt) " " complete. Enqueueing undo of DNS DCV setup (CNAME _f381a61b1d3a65f475dec4466303391f.ns2.****.gr) " Undoing DNS DCV setup " " done. [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID azjkyn) The response to the HTTP (Hypertext Transfer Protocol) "POST"" request from " indicated an error (504, Gateway Time-out):
504 Gateway Tim" The system will check for the certificate for the "exim"" service. The system will attempt to verify that the certificate for the "exim"" service is still valid using OCSP (Online Certificate Status Protocol). The "exim"" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "exim"" service and any other services that use the old certificate. The system will attempt to install a certificate for the "exim"" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim"" service.
0 -
@vagmor - that seems like a different error than the original subject of this thread. Can you try temporarily disabling the firewall on your server and then running the "/usr/local/cpanel/bin/checkallsslcerts" command to see if that gets the SSL installed? 0 -
@vagmor - that seems like a different error than the original subject of this thread. Can you try temporarily disabling the firewall on your server and then running the "/usr/local/cpanel/bin/checkallsslcerts" command to see if that gets the SSL installed?
yes it seems it was csf firewall... but i have the same type of setup for years... why it happened now? maybe you have some ips i should whitelist??0
Please sign in to leave a comment.
Comments
69 comments