Netgate Discussion Forum

    Issue with SSL certificate renewal - 500 Internal Server Error during cPanel API call

    ACME
    • ju_lee_ho

      Hello everyone,

      I'm facing a problem with SSL certificate renewal on pfSense. I set up HAProxy about three months ago, using my domain's wildcard SSL certificate to enable HTTPS access to my internal services within my home network. Initially, everything worked fine, and the DNS records were correctly set up through the cPanel APIs.

      However, after upgrading pfSense to version 2.7.0 (I don't know if that means something), I encountered an error when attempting to renew the certificate using the "Issue/Renew" option. Here's the error I received during the renewal attempt:

      Adding TXT record to cPanel based system
      fulldomain='_acme-challenge.example.com'
      txtvalue='4nKU************************iVjE'
      cPanel_Username='sydoroth'
      cPanel_Apitoken='***REDACTED***'
      cPanel_Hostname='https://example.com'
      APP
      5:SAVED_cPanel_Username='sydoroth'
      APP
      6:SAVED_cPanel_Apitoken='***REDACTED***'
      APP
      7:SAVED_cPanel_Hostname='https://example.com'
      GET
      url='https://example.com/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo'
      timeout=
      Http already initialized.
      _CURL='curl --silent --dump-header /tmp/acme/WildcardHomeLab/http.header -L -g '
      ret='0'
      First detect the root zone
      GET
      url='https://example.com/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'
      timeout=
      Http already initialized.
      _CURL='curl --silent --dump-header /tmp/acme/WildcardHomeLab/http.header -L -g '
      ret='0'
      _result is: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      
      <html><head>
      <title>500 Internal Server Error</title>
      </head><body>
      <h1>Internal Server Error</h1>
      <p>The server encountered an internal error or
      misconfiguration and was unable to complete
      your request.</p>
      <p>Please contact the server administrator at
       webmaster@example.com to inform them of the time this error occurred,
       and the actions you performed just before this error.</p>
      <p>More information about this error may be available
      in the server error log.</p>
      <p>Additionally, a 500 Internal Server Error
      error was encountered while trying to use an ErrorDocument to handle the request.</p>
      </body></html>
      _domains is:
      Primary domain list not found!
      No matching root domain for _acme-challenge.example.com found
      Error add txt for domain:_acme-challenge.example.com
      _on_issue_err
      

      As you can see, there seems to be an issue with the cPanel API call, which returns a 500 Internal Server Error. I'm concerned that this might be a problem with cPanel itself, but at the same time, I might have made some configuration mistakes.

      Has anyone encountered a similar issue or have any ideas on how to resolve it? Is there anything else I might be overlooking?

      Thank you in advance to anyone who can provide assistance or guidance in resolving this situation.

      Best regards

      • Gertjan @ju_lee_ho

        @ju_lee_ho said in Issue with SSL certificate renewal - 500 Internal Server Error during cPanel API call:

        GET
        url='https://example.com/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'

        When doing this :

        https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_cpanel.sh line 124, no "_domains" were coming back. So it bails out.

        So, I tend to say: check what "domains" you think should come back from "'https://example.com/json-api/cpanel?..." : what has been set up on that side?
        The URL shows that it contacts "https://example.com/json-api/cpanel...." with the parameter (get me the) "fetchzones".
        At that moment, there was already a call to the same URL to log you in, and that was granted - see line 106 in the file mentioned.

        I'm not using that acme.sh dnsapi "cpanel" myself (dunno what 'cpanel' is), I'm just 'interpreting' the log lines.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

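To separate the two failures discussed above (the API answering with an HTML error page versus the zone simply not being in the account), here is an added triage sketch. It is not code from acme.sh or from either poster; the function names are hypothetical and the JSON layout in `SAMPLE_OK` is a constructed sample whose shape is an assumption.

```shell
#!/bin/sh
# Added example (not acme.sh code): classify a saved fetchzones reply,
# then pick the root zone for an _acme-challenge name.

# Constructed samples. SAMPLE_HTML_500 is abbreviated from the log in the
# first post; SAMPLE_OK is an ASSUMED shape for a successful reply.
SAMPLE_HTML_500='<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>500 Internal Server Error</title></head></html>'
SAMPLE_OK='{"cpanelresult":{"data":[{"status":1,"zones":{"example.com":["; cPanel first"],"lab.example.com":["; cPanel first"]}}]}}'

# extract_zones BODY -> one zone per line (keys shaped like "name.tld":[ )
extract_zones() {
  printf '%s' "$1" | grep -Eo '"[a-z0-9.-]+\.[a-z]+":\[' | cut -d'"' -f2
}

# classify_response BODY -> html_error | not_json | no_zones | ok
classify_response() {
  body=$1
  case $body in
    *'<!DOCTYPE'*|*'<html'*) echo html_error; return 0 ;;  # web server error page
  esac
  first=$(printf '%s' "$body" | tr -d ' \t\r\n' | cut -c1)
  if [ "$first" != "{" ]; then echo not_json; return 0; fi
  if [ -z "$(extract_zones "$body")" ]; then echo no_zones; else echo ok; fi
}

# find_root_zone FULLDOMAIN ZONES -> longest zone that FULLDOMAIN falls under
# (prints an empty line when nothing matches)
find_root_zone() {
  fulldomain=$1
  best=""
  for z in $2; do
    case $fulldomain in
      "$z"|*."$z")
        if [ "${#z}" -gt "${#best}" ]; then best=$z; fi ;;
    esac
  done
  echo "$best"
}

# Demo on the constructed samples
echo "500 page  -> $(classify_response "$SAMPLE_HTML_500")"
echo "JSON body -> $(classify_response "$SAMPLE_OK")"
echo "root zone -> $(find_root_zone _acme-challenge.lab.example.com "$(extract_zones "$SAMPLE_OK")")"
```

An `html_error` result means the request never reached the zone lookup, so the "No matching root domain" line in the log is a consequence of the 500 and not evidence that the domain is missing from the account.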
        • ju_lee_ho @Gertjan

          @Gertjan thanks for helping.

          I deleted and wiped the affected certificate and added everything again from scratch.
          The cPanel API now succeeded to issue the certificate.

          Thanks again

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.