cPanel Autossl plugin gives error

Hello,
I was using Let's Encrypt for about a year without any problem. For the last month, I have noticed some SSL issues. I tried to re-issue certificates, but it gives the error below:
Analyzing “aaa.bbb.com”’s DCV results …
Trying 1 wildcard domain (*.bbb.com) to maximize coverage …
Cpanel::Exception/(XID 4xu3dh) No key ID has been set. Either pass “key_id” to new(), or create_account().

When selecting Let's Encrypt for AutoSSL from WHM, it gives the error below:
API failure: Net::ACME2::x::HTTP::Network: The system failed to send an HTTP “GET” request to “https://acme-v02.api.letsencrypt.org/directory” because of an error: SSL connection failed for acme-v02.api.letsencrypt.org: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed ...propagated at /usr/local/cpanel/3rdparty/perl/532/lib/perl5/cpanel_lib/Net/ACME2/HTTP.pm, line 225

I checked several connection methods to https://acme-v02.api.letsencrypt.org/directory, and I am successfully connecting to the API:

curl -v https://acme-v02.api.letsencrypt.org/directory
* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
*   Trying 172.65.32.248...
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=acme-v02.api.letsencrypt.org
* 	start date: Kas 19 15:15:46 2024 GMT
* 	expire date: Şub 17 15:15:45 2025 GMT
* 	common name: acme-v02.api.letsencrypt.org
* 	issuer: CN=R10,O=Let's Encrypt,C=US
> GET /directory HTTP/1.1
> User-Agent: curl/7.29.0
> Host: acme-v02.api.letsencrypt.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx
< Date: Thu, 05 Dec 2024 16:34:45 GMT
< Content-Type: application/json
< Content-Length: 746
< Connection: keep-alive
< Cache-Control: public, max-age=0, no-cache
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
< 
{
  "Tm-W2qwxZQs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v02.api.letsencrypt.org left intact }

Does anyone have any clue about that?

My IP is: 194.146.50.167

CentOS v7.9.2009 STANDARD,
cPanel version: 106.0.11

That error when connecting to the LE API usually means you have a firewall or outbound HTTPS inspection service interfering with that connection.

Since your curl test worked it is something unique to your Auto-SSL / WHM. Probably best to ask them about this too. I don't have any other ideas than above. Perhaps some other volunteer with personal knowledge of your config will suggest other things.

4 Likes
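One way to separate the two explanations raised in this thread (an inspection device on the path versus something specific to the failing client), as an added example that is not code from the thread, cPanel or Let's Encrypt: handshake with the same host once per CA bundle and compare the outcomes. The second bundle path is a placeholder for whatever bundle the failing client uses, and the verdict names are made up for this sketch.

```python
import socket
import ssl

LE_ORG = "Let's Encrypt"  # issuer organisation shown in the curl output in this thread

def probe(host, cafile, port=443, timeout=10):
    """Do a TLS handshake with host, trusting only the roots in cafile."""
    result = {"cafile": cafile, "ok": False, "issuer_org": None, "error": None}
    try:
        # With cafile given, the system default roots are not loaded.
        ctx = ssl.create_default_context(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                result.update(ok=True, issuer_org=issuer.get("organizationName"))
    except ssl.SSLCertVerificationError as exc:
        result["error"] = exc.verify_message  # e.g. "unable to get local issuer certificate"
    except OSError as exc:  # missing bundle file, DNS failure, filtered connection
        result["error"] = str(exc)
    return result

def classify(results):
    """Reduce per-bundle probe results to one verdict (names are hypothetical)."""
    passed = [r for r in results if r["ok"]]
    failed = [r for r in results if not r["ok"]]
    if any(r["issuer_org"] != LE_ORG for r in passed):
        return "intercepted"   # a chain validated, but Let's Encrypt did not issue it
    if passed and failed:
        return "trust-store"   # same server, only some bundles validate it
    if failed:
        return "all-failed"    # nothing validates: inspect the chain actually served
    return "ok"

if __name__ == "__main__":
    host = "acme-v02.api.letsencrypt.org"
    bundles = [
        "/etc/pki/tls/certs/ca-bundle.crt",    # CAfile from the curl output in this thread
        "/path/to/failing-client-bundle.pem",  # placeholder: bundle used by the failing client
    ]
    results = [probe(host, b) for b in bundles]
    for r in results:
        print(r)
    print("verdict:", classify(results))
```

A "trust-store" verdict points at the failing client's CA bundle or TLS stack rather than the network, while "intercepted" means some bundle on the host trusts a CA that is re-signing the connection.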

Updating cPanel to version 110.0.50 solved the issue.
Anyone who faces that issue should try to update the cPanel/WHM software.
Thanks

2 Likes
