AutoSSL stopped working for new accounts and returning 403 from cpanel store
Hello,
Recently AutoSSL stopped working for newly added accounts.
The log file with the error is not complete, so I cannot understand why it is failing, apart from the 403 error.
Are there any other logs that we can check?
LOG:
# pwd
/var/cpanel/logs/autossl/2024-09-10T06:43:58Z
# ll
total 16
-rw------- 1 root root 8051 Sep 10 08:44 json
lrwxrwxrwx 1 root root 6 Sep 10 08:43 provider -> cPanel
-rw------- 1 root root 4495 Sep 10 08:44 txt
lrwxrwxrwx 1 root root 28 Sep 10 08:43 upid -> 32144.15022162053.1575729017
lrwxrwxrwx 1 root root 3 Sep 10 08:43 username -> <REDACTED>
# cat txt
[2024-09-10T06:43:58Z] AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
[2024-09-10T06:43:58Z] This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
[2024-09-10T06:43:58Z] Analyzing “<REDACTED>”’s domains …
[2024-09-10T06:43:58Z] Analyzing “<REDACTED>” (website) …
[2024-09-10T06:43:58Z] TLS Status: Defective
[2024-09-10T06:43:58Z] Certificate expiry: 9/8/25, 12:32 PM UTC (363.24 days from now)
[2024-09-10T06:43:58Z] Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
[2024-09-10T06:43:58Z] Attempting to ensure the existence of necessary CAA records …
[2024-09-10T06:43:58Z] No CAA records were created.
[2024-09-10T06:43:58Z] Verifying 9 domains’ management status …
[2024-09-10T06:43:58Z] Verifying “cPanel (powered by Sectigo)”’s authorization on 9 domains via DNS CAA records …
[2024-09-10T06:43:58Z] “mail.<REDACTED>” is managed.
[2024-09-10T06:43:58Z] “webmail.<REDACTED>” is managed.
[2024-09-10T06:43:58Z] “www.<REDACTED>” is managed.
[2024-09-10T06:43:58Z] CA authorized: “<REDACTED>”
[2024-09-10T06:43:58Z] CA authorized: “www.<REDACTED>”
[2024-09-10T06:43:58Z] CA authorized: “mail.<REDACTED>”
[2024-09-10T06:43:58Z] CA authorized: “cpanel.<REDACTED>”
[2024-09-10T06:43:58Z] CA authorized: “webdisk.<REDACTED>”
[2024-09-10T06:43:58Z] CA authorized: “webmail.<REDACTED>”
[2024-09-10T06:43:58Z] CA authorized: “cpcontacts.<REDACTED>”
[2024-09-10T06:43:58Z] CA authorized: “autodiscover.<REDACTED>”
[2024-09-10T06:43:58Z] “cpcalendars.<REDACTED>” is managed.
[2024-09-10T06:43:58Z] “webdisk.<REDACTED>” is managed.
[2024-09-10T06:43:58Z] “cpanel.<REDACTED>” is managed.
[2024-09-10T06:43:58Z] “cpcontacts.<REDACTED>” is managed.
[2024-09-10T06:43:58Z] CA authorized: “cpcalendars.<REDACTED>”
[2024-09-10T06:43:58Z] “cPanel (powered by Sectigo)” is authorized to issue certificates for 9 of this user’s 9domains.
[2024-09-10T06:43:58Z] “<REDACTED>” is managed.
[2024-09-10T06:43:58Z] “autodiscover.<REDACTED>” is managed.
[2024-09-10T06:43:58Z] All of this user’s 9 domains are managed.
[2024-09-10T06:43:58Z] Performing HTTP DCV (Domain Control Validation) on 9 domains …
[2024-09-10T06:43:59Z] Local HTTP DCV OK: <REDACTED>
[2024-09-10T06:43:59Z] Local HTTP DCV OK: www.<REDACTED>
[2024-09-10T06:43:59Z] Local HTTP DCV OK: mail.<REDACTED>
[2024-09-10T06:43:59Z] Local HTTP DCV OK: cpanel.<REDACTED>
[2024-09-10T06:43:59Z] Local HTTP DCV OK: webdisk.<REDACTED>
[2024-09-10T06:43:59Z] Local HTTP DCV OK: webmail.<REDACTED>
[2024-09-10T06:43:59Z] Local HTTP DCV OK: cpcontacts.<REDACTED>
[2024-09-10T06:43:59Z] Local HTTP DCV OK: cpcalendars.<REDACTED>
[2024-09-10T06:43:59Z] Local HTTP DCV OK: autodiscover.<REDACTED>
[2024-09-10T06:43:59Z] No local DNS DCV is necessary.
[2024-09-10T06:43:59Z] Processing “<REDACTED>”’s local DCV results …
[2024-09-10T06:43:59Z] Analyzing “<REDACTED>”’s DCV results …
[2024-09-10T06:43:59Z] AutoSSL will request a new certificate.
[2024-09-10T06:43:59Z] The system will attempt to renew the SSL certificate for (<REDACTED>: <REDACTED> www.<REDACTED> mail.<REDACTED> webmail.<REDACTED> cpanel.<REDACTED> autodiscover.<REDACTED> webdisk.<REDACTED> cpcontacts.<REDACTED> cpcalendars.<REDACTED>).
[2024-09-10T06:44:00Z] AutoSSL failed to request an SSL certificate for “<REDACTED>” because of an error: (XID7d6qym) The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (403, Forbidden): <!DOCTYPE html>
[2024-09-10T06:44:00Z] <!--[if lt IE 7…
[2024-09-10T06:44:00Z] The system has completed “<REDACTED>”’s AutoSSL check.
edit: redacted end user data
-
Was it working fine before? And have you checked the HTTPS status of your WordPress before installation?
0 -
Hello Saba,
This is a shared hosting server and all the other old accounts are fine. This issue is happening for two new accounts that were added to the server.
I am trying to understand the error in the log but it's not complete
[2024-09-10T06:44:00Z] AutoSSL failed to request an SSL certificate for “prevozbeogradpag.rs” because of an error: (XID7d6qym) The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (403, Forbidden): <!DOCTYPE html>
[2024-09-10T06:44:00Z] <!--[if lt IE 7…
Why is the POST from the server's AutoSSL service to the cPanel server https://store.cpanel.net/json-api/ssl/certificate/free forbidden and returning 403? Is there any additional log that I can check, perhaps for the full error?
Thanks,
Alex
0 -
Sometimes it takes some time to update the SSL certificate. This has happened to me too. It took almost a day, then it fixed itself.
Just enable AutoSSL from your cPanel and wait.
0 -
Hey there! I would recommend switching your AutoSSL provider to Sectigo to see if you get better results here - https://docs.cpanel.net/knowledge-base/third-party/the-lets-encrypt-plugin/
0 -
Hello cPRex,
It seems that we cannot install LE; it looks like the same 403 error when our server tries to reach yours.
Installation log:
# ./install_lets_encrypt_autossl_provider
Cpanel::Exception::HTTP::Server/(XID pwje3z) The response to the HTTP (Hypertext Transfer Protocol) “GET” request from “https://securedownloads.cpanel.net/cpanel-plugins/0/cpanel-plugins.repo” indicated an error (403, Forbidden): <!DOCTYPE html>
<!--[if lt IE 7…
at /usr/local/cpanel/Cpanel/HTTP/Client.pm line 132.
Cpanel::HTTP::Client::request(Cpanel::HTTP::Client=HASH(0x206be10), "GET", "https://securedownloads.cpanel.net/cpanel-plugins/0/cpanel-pl"..., HASH(0x20127a0)) called at (eval 6) line 6
HTTP::Tiny::get(Cpanel::HTTP::Client=HASH(0x206be10), "https://securedownloads.cpanel.net/cpanel-plugins/0/cpanel-pl"...) called at /usr/local/cpanel/Cpanel/Plugins/Repo.pm line 111
Cpanel::Plugins::Repo::get_config() called at /usr/local/cpanel/Cpanel/Plugins/Repo.pm line 66
Cpanel::Plugins::Repo::install() called at /usr/local/cpanel/Cpanel/Plugins.pm line 140
Cpanel::Plugins::install_or_upgrade_plugins("cpanel-letsencrypt-v2") called at ./install_lets_encrypt_autossl_provider line 19
scripts::install_lets_encrypt_autossl_provider::run() called at ./install_lets_encrypt_autossl_provider line 16
0 -
Interesting - maybe there is a larger issue happening with the server.
Does a generic "yum update" work on the system?
1 -
Hi cPRex
That was a good lead; the command worked, but we have some broken packages from the EPEL repo.
So we used CentOS vault mirrors and Fedora archive mirrors for EPEL to fix some package broken dependency.
After all the changes we purged the yum cache and created a new cache.
At the end we ran the cPanel update script from the server console and everything is fixed.
Thanks everyone for the help, the issue is resolved.
0 -
I'm glad that got you pointed in the right direction!
0 -
We are also facing the same issue. Can you please help us by giving an exact solution? Can you please explain a little more about "So we used CentOS vault mirrors and Fedora archive mirrors for EPEL to fix some package broken dependency."?
0 -
If you are having issues installing the package, can you try running these commands to refresh the Yum data on the system?
yum clean all
yum makecache
yum update
0 -
Hi cPRex
We have the same problem:
8:12:17 AM Analyzing “<REDACTED>”’s DCV results …
8:12:17 AM SUCCESS “cPanel (powered by Sectigo)” HTTP DCV OK: <REDACTED>
SUCCESS “cPanel (powered by Sectigo)” HTTP DCV OK: <REDACTED>
AutoSSL will request a new certificate.
8:12:17 AM The system will attempt to renew the SSL certificates for (<REDACTED>).
ERROR AutoSSL failed to request an SSL certificate for “<REDACTED>” because of an error: (XID 7p68wr) The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (403, Forbidden): <!DOCTYPE html> <!--[if lt IE 7…
ERROR AutoSSL failed to request an SSL certificate for “<REDACTED>” because of an error: (XID 7h3npy) The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (403, Forbidden): <!DOCTYPE html> <!--[if lt IE 7…
ERROR AutoSSL failed to request an SSL certificate for “<REDACTED>” because of an error: (XID ykvq79) The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (403, Forbidden): <!DOCTYPE html> <!--[if lt IE 7…
ERROR AutoSSL failed to request an SSL certificate for “<REDACTED>” because of an error: (XID gnr4a9) The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (403, Forbidden): <!DOCTYPE html> <!--[if lt IE 7…
ERROR AutoSSL failed to request an SSL certificate for “<REDACTED>” because of an error: (XID ugu9e4) The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (403, Forbidden): <!DOCTYPE html> <!--[if lt IE 7…
The installation of the LE provider also does not work, the same error 403 Forbidden:
# /scripts/install_lets_encrypt_autossl_provider
Cpanel::Exception::HTTP::Server/(XID pwje3z) The response to the HTTP (Hypertext Transfer Protocol) “GET” request from “https://securedownloads.cpanel.net/cpanel-plugins/0/cpanel-plugins.repo” indicated an error (403, Forbidden): <!DOCTYPE html>
<!--[if lt IE 7…
Rebuilding the Yum cache `yum clean all; yum makecache; yum update` completes without problems, but the problem with AutoSSL remains.
Best regards,
Miron
0 -
Miron Jajtic - what cPanel version are you using?
0 -
It's CentOS v7.9 with cPanel v106.0.18
0 -
Could you update your server to 110 and try that work again? Version 110 still supports CentOS 7, and I'm not sure of a good reason for the Let's Encrypt installation to give a 403 error, so updating the system is your best option at this point.
0 -
Thanks cPRex, it worked, updated cPanel to version 11.110 and AutoSSL renewed the certificates with Let's Encrypt out of the box.
0 -
I'm glad that worked!
0
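The 403 lines quoted in this thread, pulled out of the logs and grouped by endpoint, as an added example that is not part of any post above and not cPanel's own tooling. The sample text is constructed, `parse_failures`, `by_host` and `scan_runs` are hypothetical helper names, and the layout assumed is the one shown in the first post: one `txt` file per run directory under /var/cpanel/logs/autossl.

```python
import re
from collections import Counter
from pathlib import Path
from urllib.parse import urlsplit

# Constructed sample modelled on this thread's log lines (domain and XIDs made up).
SAMPLE = (
    "[2024-09-10T06:43:59Z] Local HTTP DCV OK: example.test\n"
    "[2024-09-10T06:44:00Z] AutoSSL failed to request an SSL certificate for "
    "“example.test” because of an error: (XIDaaaaaa) The response to the HTTP "
    "(Hypertext Transfer Protocol) “POST” request from "
    "“https://store.cpanel.net/json-api/ssl/certificate/free” indicated an "
    "error (403, Forbidden): <!DOCTYPE html>\n"
    "Cpanel::Exception::HTTP::Server/(XID bbbbbb) The response to the HTTP "
    "(Hypertext Transfer Protocol) “GET” request from "
    "“https://securedownloads.cpanel.net/cpanel-plugins/0/cpanel-plugins.repo” "
    "indicated an error (403, Forbidden): <!DOCTYPE html>\n"
)

# The thread shows the XID both as "(XID7d6qym)" and as "(XID pwje3z)".
ERR = re.compile(
    r"\(XID ?(?P<xid>\w+)\).*?“(?P<method>[A-Z]+)” request from "
    r"“(?P<url>https?://[^”]+)” indicated an error "
    r"\((?P<status>\d{3}), (?P<reason>[^)]*)\)"
)

def parse_failures(text):
    """Return one dict per failed outbound HTTP request found in the text."""
    failures = []
    for m in ERR.finditer(text):
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        rec["host"] = urlsplit(rec["url"]).hostname
        failures.append(rec)
    return failures

def by_host(failures):
    """Count failures per (host, status) to see how many endpoints refuse us."""
    return Counter((f["host"], f["status"]) for f in failures)

def scan_runs(root="/var/cpanel/logs/autossl"):
    """Yield (run directory, failures) for every <run>/txt log; run as root."""
    for txt in sorted(Path(root).glob("*/txt")):
        fails = parse_failures(txt.read_text(encoding="utf-8", errors="replace"))
        if fails:
            yield txt.parent.name, fails

if __name__ == "__main__":
    for (host, status), n in by_host(parse_failures(SAMPLE)).items():
        print(f"{host}\t{status}\t{n}")
```

More than one host in the output is the situation that prompted the "larger issue happening with the server" reply in the thread, as opposed to a failure tied to a single account.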