Solutions to common problems may be listed here.
By default, the daemon will output logging to the file at:
/var/log/letsencrypt-cpanel.log. On CentOS 7+ logging is managed by systemd and can be accessed via
journalctl -u letsencrypt-cpanel -l
If you are experiencing any issues with the daemon, we recommend checking here first.
Any errors generated by the cPanel CGI plugin will be logged to:
If you are experiencing any issues accessing or using the plugin from cPanel, check here first.
Symptoms and Solutions
Licence error when visiting the plugin page
Ensure that the daemon service is running:
service letsencrypt-cpanel status && service letsencrypt-cpanel restart
If the error persists, please run the technical support command on our contact page and email us at email@example.com.
Failed to issue certificate: The Let’s Encrypt™ HTTP challenge failed - is .well-known/acme-challenge accessible in your webroot?
First, you need to check that you can actually access http://your-domain.com/.well-known/acme-challenge . If you cannot, then the issue is likely an
.htaccess rule blocking access. Try including the following lines at the top of your
RewriteEngine On RewriteRule ^.well-known - [L]
Rate limit error - too many certificates for this domain
Most likely, you have issued and deleted certificates of the same root domain too many times. These limits are quite low during the Let’s Encrypt™ beta period.
Rate limit error - too many registrations
The server may have hit a rate limit for too many new account registrations for a single IP address.
In this case, you should be able to proceed within 24 hours.
Icon not visible in cPanel
If the Let’s Encrypt™ icon is not visible in the cPanel list even though the link is present, this is most likely a caching issue. If forcing a refresh in your browser (Control+R) does not fix this, the plugin may need to be re-installed to refresh the cPanel icon cache for the plugin.
Self-Test - Can talk to WHM API ………… FAILED: 403 Forbidden Access denied.
If you get this error, then the plugin is unable to talk to the WHM API.
From cPanel 64 onwards, the plugin uses the API Token feature in cPanel to do this. The API Token used is automatically generated by the plugin and stored in
You can test whether this token works with the following request:
curl -vvv -H "Authorization: whm root:$(cat /etc/.letsencrypt-cpanel-api-token)" -i -k https://$(hostname):2087/json-api/version
How to fix:
- Try the above request to determine if:
- The request is being sent to the correct server (it should go back to the local server)
- The request succeeds (does not get a Forbidden or Access Denied error)
- If the request fails, try to re-generate the token:
rm -f /etc/.letsencrypt-cpanel-api-token
service letsencrypt-cpanel restart
- If that fails, then please check that WHM Host Access Control is allowing access to
- In a new cPanel installation, this is usually not the issue.
- The IP address that needs to be permitted will be the one shown by the above