Troubleshooting

Solutions to common problems may be listed here.

Logging

By default, the daemon will output logging to the file at: /var/log/letsencrypt-cpanel.log. On CentOS 7+ logging is managed by systemd and can be accessed via

journalctl -u letsencrypt-cpanel -l

If you are experiencing any issues with the daemon, we recommend checking here first.

Any errors generated by the cPanel CGI plugin will be logged to: /usr/local/cpanel/logs/error_log
If you are experiencing any issues accessing or using the plugin from cPanel, check here first.

Symptoms and Solutions

Licence error when visiting the plugin page

Ensure that the daemon service is running:

service letsencrypt-cpanel status && service letsencrypt-cpanel restart

If the error persists, please run the technical support command on our contact page and email us at support@fleetssl.com.

Failed to issue certificate: The Let’s Encrypt™ HTTP challenge failed - is .well-known/acme-challenge accessible in your webroot?

First, you need to check that you can actually access http://your-domain.com/.well-known/acme-challenge . If you cannot, then the issue is likely an .htaccess rule blocking access. Try including the following lines at the top of your .htaccess file:

RewriteEngine On
RewriteRule ^.well-known - [L]

Rate limit error - too many certificates for this domain

Most likely, you have issued and deleted certificates of the same root domain too many times. These limits are quite low during the Let’s Encrypt™ beta period.

Rate limit error - too many registrations

The server may have hit a rate limit for too many new account registrations for a single IP address.

In this case, you should be able to proceed within 24 hours.

Icon not visible in cPanel

If the Let’s Encrypt™ icon is not visible in the cPanel list even though the link is present, this is most likely a caching issue. If forcing a refresh in your browser (Control+R) does not fix this, the plugin may need to be re-installed to refresh the cPanel icon cache for the plugin.

Self-Test - Can talk to WHM API ………… FAILED: 403 Forbidden Access denied.

If you get this error, then the plugin is unable to talk to the WHM API.

From cPanel 64 onwards, the plugin uses the API Token feature in cPanel to do this. The API Token used is automatically generated by the plugin and stored in /etc/.letsencrypt-cpanel-api-token.

You can test whether this token works with the following request:

curl -vvv -H "Authorization: whm root:$(cat /etc/.letsencrypt-cpanel-api-token)" -i -k https://$(hostname):2087/json-api/version

How to fix:

  1. Try the above request to determine if:
    • The request is being sent to the correct server (it should go back to the local server)
    • The request succeeds (does not get a Forbidden or Access Denied error)
  2. If the request fails, try to re-generate the token:
    • rm -f /etc/.letsencrypt-cpanel-api-token
    • service letsencrypt-cpanel restart
    • le-cp self-test
  3. If that fails, then please check that WHM Host Access Control is allowing access to whostmgrd.
    • In a new cPanel installation, this is usually not the issue.
    • The IP address that needs to be permitted will be the one shown by the above curl command.