WHM Service Certificate Not Renewing - cpanel store error

[MHFraser]

A server is having trouble renewing the service certificate that comes with a cpanel license.
the license check comes back good.
14 days till expiry
server is 4 years old

is this my end or cpanels?

# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The “cpanel” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “cpanel” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/ <redacted>.txt) …
… complete.
Setting up DNS DCV for “<redacted>.<redacted>.host” …
… complete.

Attempting DNS DCV preflight checks …
<redacted>.<redacted>.host: DNS DCV OK
www. <redacted>.<redacted>.host: DNS DCV OK
mail. <redacted>.<redacted>.host: DNS DCV OK
cpanel. <redacted>.<redacted>.host: DNS DCV OK
webmail. <redacted>.<redacted>.host: DNS DCV OK
whm. <redacted>.<redacted>.host: DNS DCV OK
cpcalendars. <redacted>.<redacted>.host: DNS DCV OK
cpcontacts. <redacted>.<redacted>.host: DNS DCV OK
Succeeded domains: 8
Failed domains: 0
Requesting certificate from cPStore …

The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.

 

[SimpleSonic]

If you are using Sectigo as the AutoSSL provider, try switching to Let's Encrypt and that should resolve the issue.

 

[quietFinn]

@MHFraser I would not be very worried about that, I get those messages quite often, and the certificate is always renewed before it expires.

@ResellerWiz WHM Service SSL Certificates has nothing to do with AutoSSL.

 

[MHFraser]

I would not be very worried about that, I get those messages quite often, and the certificate is always renewed before it expires.

ok thanks, I'll keep an eye on it.
I do have connections to the host directly so this will hurt if it doesn't renew.

 

[cPanelWilliam]

Hello! The error you reported indicates that Sectigo's servers cannot accept more incoming requests at that time. The workaround in this situation would be to try rerunning the checkallsslcerts script at a later time. Optionally, you can set up a cron under the root user to run the checkallsslcerts script as a workaround:

Hostname certificate not issued: The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.

 

[MHFraser]

Hello! The error you reported indicates that Sectigo's servers cannot accept more incoming requests at that time. The workaround in this situation would be to try rerunning the checkallsslcerts script at a later time. Optionally, you can set up a cron under the root user to run the checkallsslcerts script as a workaround:

thanks, have run several times and still failing for me.
will setup the cronjob to run increasingly often until the cert renews.

Requesting certificate from cPStore …
The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.

 

[SimpleSonic]

@ResellerWiz WHM Service SSL Certificates has nothing to do with AutoSSL.

Oops! You are correct. I had used FleetSSL's Let's Encrypt cPanel plugin in the past that did include the service certificate and I confused the two.

 

[ttremain]

A server is having trouble renewing the service certificate that comes with a cpanel license.
the license check comes back good.
.
.
.
.
The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.

In a current case, we have one that all service certificates have expired. I was able to replace them with self-signed, but /usr/local/cpanel/bin/checkallsslcerts continues to fail.

 

[cPRex]

@ttremain - if the renewals are failing, you should have good details as to why in the logs at WHM >> Manage AutoSSL under the "Logs" tab.

 

[ttremain]

@ttremain - if the renewals are failing, you should have good details as to why in the logs at WHM >> Manage AutoSSL under the "Logs" tab.

Aren't the autossl logs just for user account SSL certificates? This is for service SSL certs.

 

[cPRex]

Oooooh sorry about that! Service SSL renewals should show some details when you run the checkallsslcerts command, or the notification from the server will include something like this:

" "The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID q7wtrj) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later""

Do you have any similar output from the command that provides helpful details?

 

[ttremain]

Oooooh sorry about that! Service SSL renewals should show some details when you run the checkallsslcerts command, or the notification from the server will include something like this:

" "The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID q7wtrj) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later""

Do you have any similar output from the command that provides helpful details?

Yes, the same error message I quoted above, is the one I was getting. Maybe I wasn't clear about that.

I put it in a CRON to run every 5 minutes and after about 2 hours I got a valid SSL again.

This seems to be a repeated theme. Does the cPanel store need additional servers to service their customers?

 

[cPRex]

Oh I see my confusion now - the quote box was weirdly shaped on my screen so I never saw the initial error.

The Sectigo delays are well-known, and unfortunately not up to us to resolve. Let's Encrypt has been the default SSL provider since version 112, but it doesn't do the hostname certificates..............yet!

 

[Reado]

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: All HTTP and DNS DCV preflight checks failed!

Our cPanel license has expired and won't renew!

 

[cPRex]

If your cPanel license is expired, AutoSSL will not work properly either. You'll need to contact our Customer Service team through a ticket to get the license issue resolved, if that was purchased from us.

 

[Reado]

If your cPanel license is expired, AutoSSL will not work properly either. You'll need to contact our Customer Service team through a ticket to get the license issue resolved, if that was purchased from us.

False alarm. I had some incorrect routing tables on our router that caused the SSL renewals to stop working! Now resolved.

 

[cPRex]

Glad to hear it!!