service generated warnings while checking SSL certificates

[rolinger]

Starting a week ago on Dec 7th I have been two types of emails every morning at 4am EST related to SSL certs failing checks or updates. Are these due to more Sectigo outages?

1. The first more specific SSL cert checks/renewals emails I am getting are all for SERVICE SSLs (ie: ftp, exim, dovecot,cpanel), this doesn't appear to be impacting my public facing domains.

Subject: The SSL (Secure Sockets Layer) certificate for “exim” on “x.x.x.x.host.secureserver.net
Messaage:

The SSL certificate for “exim” on “x.x.x.x.host.secureserver.net” will expire in less than 30 days.

The certificate has the following properties: ​ Domains: x.x.x.x.host.secureserver.net Issuer: cPanel, Inc. Key Size: 4096 Expires: Saturday, December 31, 2022 at 11:59:59 PM UTC You need to install a new certificate as soon as possible. You can do this with WHM’s “Manage Service SSL Certificates” interface at https://70.220.167.72.host.secureserver.net:2087/scripts2/manageservicecrts. This notice is the result of a request from “checkallsslcerts”. The system generated this notice on Wednesday, December 14, 2022 at 7:19:25 AM UTC. “Service SSL Certificate Expires Soon” notifications are currently configured to have an importance of “Medium”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: https://x.x.x.x.host.secureserver.net:2087/scripts2/editcontact?event=Check::SSLCertExpiresSoon Do not reply to this automated message.

2. The 2nd more generic email messages I am getting are:

Subject: [x.x.x.x.host.secureserver.net] 1 service generated warnings while checking SSL certificates.
Message:

The following cPanel service generated warnings from the checkallsslcerts script. cpanel The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID g92n6y) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.

This notice is the result of a request from “/usr/local/cpanel/bin/checkallsslcerts”. The system generated this notice on Wednesday, December 14, 2022 at 7:19:26 AM UTC. “cPanel service SSL certificate warnings” notifications are currently configured to have an importance of “Medium”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: https://x.x.x.x.host.secureserver.net:2087/scripts2/editcontact?event=SSL::CheckAllCertsWarnings Do not reply to this automated message.

 

[cPRex]

Hey there! The first notification about Exim is just letting you know the hostname certificate will expire. It will be automatically renewed as the expiration date gets closer.

The second notification, also about the hostname certificate, is the classic Sectigo error, but that should also resolve itself.

If the expiration gets too close for comfort, please submit a ticket to our team.

 

[rolinger]

When is the expectation of "should resolve itself"? Because I continue to get emails every day that the renewal services are failing.

 

[mmaciel]

Hey there! The first notification about Exim is just letting you know the hostname certificate will expire. It will be automatically renewed as the expiration date gets closer.

The second notification, also about the hostname certificate, is the classic Sectigo error, but that should also resolve itself.

If the expiration gets too close for comfort, please submit a ticket to our team.

Hello, i'm having the exact same problem with my hostname cert

if i run the checkallsslcerts command, i get this:

The system will attempt to install a certificate for the “exim/dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim/dovecot” service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.

if i try to run the command again, i get the same message

we have less than 15 days til the cert expires and we've been getting these alerts for over two weeks now

worth noting that only the hostname cert is presenting this problem, the individual accounts certs are (apparently) fine

 

[cPRex]

@mmaciel - 15 days is still plenty. If it gets to 3 days and still doesn't renew, let us know, but that message indicates the order has been sent and Sectigo is processing it.

@rolinger - submit a ticket and we can check it out.