Issue with LetsEncrypt

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: myrani.com

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: nonic
I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

When i try to enable LetsEncrypt on WHM after Cpanel installation I am getting this error

API failure: Net::ACME2::x::HTTP::Network: The system failed to send an HTTP “GET” request to “https://acme-v02.api.letsencrypt.org/directory” because of an error: SSL connection failed for acme-v02.api.letsencrypt.org: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed ...propagated at /usr/local/cpanel/3rdparty/perl/536/cpanel-lib/Net/ACME2/HTTP.pm, line 225

I have tried reinstalling Cpanel and OS twice already.

Please do help

2

Hello @Lohit, welcome to the Let's Encrypt community. :slightly_smiling_face:

Please share the output of openssl version and curl -v https://acme-v02.api.letsencrypt.org/directory.

1 Like
3

Also looks the same error as cPanel AutoSSL Error On WHM

Check you are on the latest version of everything, especially cpanel and all OS updates.

1 Like
4

openSSL version : 3.0.2

and

Blockquote
curl -v https://acme-v02.api.letsencrypt.org/directorycurl -v https://acme-v02.api.letsencrypt.org/directory

  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
  • Trying 172.65.32.248:443...
  • Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: /etc/ssl/certs
  • TLSv1.0 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS header, Finished (20):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.2 (OUT), TLS header, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=acme-v02.api.letsencrypt.org
  • start date: Jan 19 00:13:59 2025 GMT
  • expire date: Apr 19 00:13:58 2025 GMT
  • subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
  • issuer: C=US; O=Let's Encrypt; CN=R10
  • SSL certificate verify ok.
  • Using HTTP2, server supports multiplexing
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • Using Stream ID: 1 (easy handle 0x55fdfbbdaeb0)
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):

GET /directorycurl HTTP/2
Host: acme-v02.api.letsencrypt.org
user-agent: curl/7.81.0
accept: /

  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
    < HTTP/2 404
    < server: nginx
    < date: Sat, 01 Feb 2025 04:23:20 GMT
    < content-type: text/plain; charset=utf-8
    < content-length: 19
    < x-content-type-options: nosniff
    <
    404 page not found
  • Connection #0 to host acme-v02.api.letsencrypt.org left intact
  • Found bundle for host acme-v02.api.letsencrypt.org: 0x55fdfbbd4b30 [can multiplex]
  • Re-using existing connection! (#0) with host acme-v02.api.letsencrypt.org
  • Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
  • Using Stream ID: 3 (easy handle 0x55fdfbbdc1b0)
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):

GET /directory HTTP/2
Host: acme-v02.api.letsencrypt.org
user-agent: curl/7.81.0
accept: /

GET /directory HTTP/2
Host: acme-v02.api.letsencrypt.org
user-agent: curl/7.81.0
accept: /

Blockquote

5

On latest cpanel version

6

Ok, best to log a support ticket with Cpanel to ask why their software cannot connect. The issue will usually be that Cpanel is communicating with an outdated CA certificates trust store and they may have a command to refresh that.

2 Likes
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.