Update from BWF Hosting at 4.30pm
We believe most servers now have all the certificate errors fixed. Things got a lot more stable during the afternoon. If anyone bought an SSL to get on line earlier and wants to cancel it just contact us and we will of course refund and issue a Free SSL again.
If you notice any lingering issues let us know and we'll be happy to assist
Update from BWF Hosting at 10.35am
Good Morning
There is a global issue affecting Let’s Encrypt Certificates issued on cPanel Web Servers specifically. This issue started happening at 5pm approximately on 30 September 2021 and is affecting a significant number of SSLs issued. It’s important to note that this issue extends beyond our servers and is a global issue with Let’s Encrypt and cPanel.
A little history & explanation of the problem
Until a couple of years ago SSL Certificates were chargeable products. Let’s Encrypt changed the landscape and made SSL Certificates free of charge. The issue today is affecting those users who are relying on the free Let’s Encrypt Certificates issued on cPanel servers. Any client on Direct Admin Control Panel or those with a paid SSL Certificate is not affected.
When will it be fixed?
We do not know. cPanel have told us there is a workaround on their public status page but when we run this workaround we are getting “error 429, Too Many Requests” so we assume the issuing servers for the free SSLs are being swamped as every user is trying to re-issue SSLs at once (as opposed to once every 90 days). Wo do not know when these SSLs will be able to be re-issued again. We are also getting Let’s Encrypt Rate Limit errors on other servers so we need to wait some time before trying again.
How can I fix my problem now?
You can buy a paid SSL Certificate and we can help you install this onto your website right away. We have a dedicated team ready to help with this on request by replying to this email. Paid Domain Validated SSLs we sell for £22 + VAT for 12 months. Whilst we appreciate paying for an SSL is not something many clients are used to any more, the reality is that this morning it is impossible for us to issue free SSLs due to the errors above. Paid SSLs have time associated with install but we are still some of the cheapest out there (GoDaddy charge £69.99 for example).
Where can I find more information?
The following links will give you more information about this issue:
https://support.cpanel.net/hc/en-us/articles/4409770365335%EF%BB%BF
https://forums.cpanel.net/threads/cpanel-33077-letsencrypt-transition-to-isrgs-root-important.673981/page-5
https://manage.bigwetfish.hosting/index.php/announcements/434/Lets-Encrypt-SSL-Issues.html
Please reply to this email with any questions or concerns and our team will do our best to assist. We apologise for this issue and obviously we are as frustrated as you are with how this has developed.
The BWF Team
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Update from cPanel at 7.00am
For those coming to this fresh this morning Let's Encrypt free SSL Certificates are broken worldwide on all cPanel servers. You can see links below if you read through this thread to cPanel forums etc.
cPanel have just published an update with a fix we believe. We will start applying this to all servers manually but it may take some time. You can read about this on the cPanel website here: https://support.cpanel.net/hc/en-us/articles/4409770365335 - our management will be sending a general information email later this morning to all active clients about this issue. Last night we tried to auto fix using the previous recommendated fix by cPanel (change Cert issuer to cPanel by Sectogo) but that was failing due to the issuing servers falling over so we started fixing issues as they were being reported one at a time. Sometimes it was taking 50 attempts to fix one website as the issuing servers were not responding. If you are seeing issues please open a support ticket and we are working through them in the order they are received to fix individual issues. We'll update this announcement later this morning to let you know the progress on applying these fixes.
Please understand we will be directing all live chats about this issue to open a support ticket. We can open the ticket for you if needed. We have a dedicated team working through these as fast as we can.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Update from cPanel at 9.22pm
We are working on a more permanent patch right now, and it is in review. It will fix existing certificates, but we're actually seeing that Let's Encrypt still issuing new certificates that are having issues. So even once our fix is applied, we can't guarantee everything will work properly as some of it is still out of our control.Our best recommendation at this time would be to switch to cPanel/Sectigo if it is absolutely critical, or wait for our patch to be released soon. I expect "soon" to mean "some point this evening" although the situation is still developing and it's hard for me to provide an accurate timeframe.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Update from cPanel at 8.45pm
Thank you for your patience. We are currently investigating this issue and are tracking it internally as UPS-403.
We will be publishing more information here:
https://support.cpanel.net/hc/en-us/articles/4409770365335
This is related to the recent expiration of the DST Root CA X3 Cert from Let's Encrypt. We believe this to be causing issues with the SNI configuration.
We are currently working with our developers on a more permanent solution that would correct the certificates already installed on the server. Once this is complete the page above will be updated. However, if absolutely required you can bypass these errors by switching to using the cPanel Store as the AutoSSL certificate provider and issuing new certificates.
Running this command below will set cPanel as the AutoSSL provided and then run a check for all of the domains on the server:
whmapi1 set_autossl_provider provider='cPanel' ; /usr/local/cpanel/bin/autossl_check -all
If you have any questions, or if there is anything else we can assist you with, please let us know. We would be glad to help!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
We are aware that some users are experiencing errors with their SSL Certificates. We provide Free SSL Certificates on all our servers and today (30 September 2021) ther Let's Encrypt Root Certificate has expired.
https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry
https://borncity.com/win/2021/09/30/sept-30-2021-will-we-see-trouble-with-old-lets-encrypt-certificates/
Above you can see three websites where this problem is being reported. If you need urgent access to your email (this appears to be where most problems are being reported) our team on live chat or helpdesk can help you get access to Webmail whilst we work to re-issue all certificates and work with clients reporting issues.
Our support team is incredibly busy this evening and we ask for your patience. The easiest way to gain access to your emails at the moment is through webmail and we are asking you to use that medium for this evening.
As we write this there is still no solution from cPanel to this issue and you can track their forums here: https://forums.cpanel.net/threads/cpanel-33077-letsencrypt-transition-to-isrgs-root-important.673981/page-2
