Service SSL Certificates not reissued when call "/usr/local/cpanel/bin/checkallsslcerts --verbose"
AnsweredHello!
We try to renew the certificate for the “cpanel” service because it expires in less than 25 days runjing "/usr/local/cpanel/bin/checkallsslcerts" but it returns and error:
'No key ID has been set. Either pass “key_id” to new(), or create_account().'
This is the log:
/usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The “cpanel” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “cpanel” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “cpanel” service from the system SSL storage.
None of the certificates in the system SSL storage were acceptable to use for the “cpanel” service.
The system will attempt to get a new certificate for the domains: xxx.domain.net, autoconfig.xxx.domain.net, autodiscover.xxx.domain.net, cpanel.xxx.domain.net, cpcalendars.xxx.domain.net, cpcontacts.oxxx.domain.net, ipv6.oxxx.domain.net, mail.xxx.domain.net, webdisk.xxx.domain.net, webmail.xxx.domain.net, whm.xxx.domain.net, www.xxx.domain.net
Net::ACME2::X::Generic: No key ID has been set. Either pass “key_id” to new(), or create_account().
==> Net::ACME2::X::Generic::new('Net::ACME2::X::Generic', 'No key ID has been set. Either pass “key_id” to new(), or create_account().') (called in /usr/local/cpanel/3rdparty/perl/536/cpanel-lib/X/Tiny.pm at line 169)
==> X::Tiny::create('Net::ACME2::X', 'Generic', 'No key ID has been set. Either pass “key_id” to new(), or create_account().') (called in /usr/local/cpanel/3rdparty/perl/536/cpanel-lib/Net/ACME2.pm at line 609)
==> Net::ACME2::_die_generic('No key ID has been set. Either pass “key_id” to new(), or create_account().') (called in /usr/local/cpanel/3rdparty/perl/536/cpanel-lib/Net/ACME2.pm at line 539)
==> Net::ACME2::_require_key_id(Net::ACME2::LetsEncrypt=HASH(0x2e24140), HASH(0x2e05f50)) (called in /usr/local/cpanel/3rdparty/perl/536/cpanel-lib/Net/ACME2.pm at line 349)
==> Net::ACME2::create_order(Net::ACME2::LetsEncrypt=HASH(0x2e24140), 'identifiers', ARRAY(0x314ee10)) (called in /var/cpanel/perl/Cpanel/SSL/ACME.pm at line 56)
==> Cpanel::SSL::ACME::__ANON__() (called in /usr/local/cpanel/Cpanel/Try.pm at line 193)
==> (eval)() (called in /usr/local/cpanel/Cpanel/Try.pm at line 193)
==> Cpanel::Try::try(CODE(0x3099f28), 'Net::ACME2::X::ACME', CODE(0x2924b90)) (called in /var/cpanel/perl/Cpanel/SSL/ACME.pm at line 72)
==> Cpanel::SSL::ACME::create_order_for_domains(Net::ACME2::LetsEncrypt=HASH(0x2e24140), 'xxx.domain.net', 'autoconfig.xxx.domain.net', 'autodiscover.xxx.domain.net', 'cpanel.xxx.domain.net', 'cpcalendars.xxx.domain.net', 'cpcontacts.xxx.domain.net', 'ipv6.xxx.domain.net', 'mail.xxx.domain.net', 'webdisk.xxx.domain.net', 'webmail.xxx.domain.net', 'whm.xxx.domain.net', 'www.xxx.domain.net') (called in /var/cpanel/perl/Cpanel/SSL/ACME/DCV.pm at line 97)
==> Cpanel::SSL::ACME::DCV::new('Cpanel::SSL::ACME::DCV', 'acme', Net::ACME2::LetsEncrypt=HASH(0x2e24140), 'domains', ARRAY(0x17593a0), 'provider', Cpanel::SSL::Auto::Provider::LetsEncrypt=HASH(0x2939100)) (called in bin/checkallsslcerts.pl at line 763)
==> bin::checkallsslcerts::_create_dcv(bin::checkallsslcerts=HASH(0x1a282b0), Net::ACME2::LetsEncrypt=HASH(0x2e24140), ARRAY(0x17593a0), Cpanel::SSL::Auto::Provider::LetsEncrypt=HASH(0x2939100)) (called in bin/checkallsslcerts.pl at line 731)
==> (eval)(bin::checkallsslcerts=HASH(0x1a282b0), Net::ACME2::LetsEncrypt=HASH(0x2e24140), ARRAY(0x17593a0), Cpanel::SSL::Auto::Provider::LetsEncrypt=HASH(0x2939100)) (called in bin/checkallsslcerts.pl at line 731)
==> bin::checkallsslcerts::_attempt_dcv_for_domains(bin::checkallsslcerts=HASH(0x1a282b0), Cpanel::SSL::Auto::Provider::LetsEncrypt=HASH(0x2939100), 'xxx.domain.net', 'autoconfig.xxx.domain.net', 'autodiscover.xxx.domain.net', 'cpanel.xxx.domain.net', 'cpcalendars.xxx.domain.net', 'cpcontacts.xxx.domain.net', 'ipv6.xxx.domain.net', 'mail.xxx.domain.net', 'webdisk.xxx.domain.net', 'webmail.xxx.domain.net', 'whm.xxx.domain.net', 'www.xxx.domain.net') (called in bin/checkallsslcerts.pl at line 609)
==> bin::checkallsslcerts::_replace_cert_with_ca_signed_cert_from_lets_encrypt(bin::checkallsslcerts=HASH(0x1a282b0), 'cpanel') (called in bin/checkallsslcerts.pl atline 443)
==> bin::checkallsslcerts::_check_notify_and_auto_renew_cert_for_service(bin::checkallsslcerts=HASH(0x1a282b0), 'cpanel') (called in bin/checkallsslcerts.pl at line 114)
==> bin::checkallsslcerts::run(bin::checkallsslcerts=HASH(0x1a282b0)) (called in bin/checkallsslcerts.pl at line 74)
...propagated at /usr/local/cpanel/Cpanel/Try.pm, line 230
There is a problem with de provider? LetsEncrypt it's now the main provider of cPanel Service SSL Certificates? We have to change anything? It not change automatically?
Thanks
Marc
-
Try to select "Recreate my current registration with LetsEncrypt".
Andrew N. - cPanel Plesk VMWare Certified Professional
Do you need immediate assistance? 20 minutes response time!* Open a ticket
EmergencySupport - Professional Server Management and One-time Services0 -
Hello!
I find more information in this post: https://support.cpanel.net/hc/en-us/community/posts/21886701074199-Self-signed-cert-on-DNSOnly-server
I got to: WHM >> Manage AutoSSL and check Let's Encrypt is selected and I agreed to the terms of service. After this I trun "/usr/local/cpanel/bin/checkallsslcerts --verbose" and all certificates ara reissued.
I think it's solved now.1 -
I'm glad you found a good solution!
0
Please sign in to leave a comment.
Comments
3 comments