SSL: Let's Encrypt root certificate replacement (cPanel)

Resolved

G’day,

We’re glad to report that email connections have remained stable and increased in volume. If you’re hitting any problems at all, please get in touch with our crew!

Thank you for your patience throughout the issues, it’s much appreciated.

Cheers,
LEOPARD.host

Monitoring

G’day,

cPanel’s auto-fixer has been deployed and connections appear to be stabilising.

Please let us know if you’re still experiencing problems. Thanks for your patience today.

Cheers,
LEOPARD.host

Updated

G’day,

Some good news from cPanel - there is a tool almost ready to go that addresses the problem’s root cause.

“We have an autofixer just about ready to be published, our QA department is just doing some final testing.”

However, evidently the 1st release was troubled:

“Update - the first patch we had in place didn’t properly resolve the issue. A second patch has been created and is currently being reviewed by our QA team.”

Once this is released, we will test and deploy - then monitor the results into tomorrow to make sure all’s well.

Thank you for your patience with this problem. We’ll be seeking a full post-mortem after the issue is resolved.

Cheers,
LEOPARD.host

Updated

G’day,

cPanel are still working to fix their mess - the latest we’ve heard is:

“I am not able to provide much additional information about this issue at this time as there are still things that even our Developers are uncovering as this event unfolds. The required fix is not as straightforward as we had initially anticipated or prepared for.”

The problem is now around 12 hours old, so we’re expecting movement shortly, or a proper update at least.

Please accept our apologies on their behalf for the impact this may be causing you today.

If you need more help, please open a ticket through my.LEOPARD.

Cheers,
LEOPARD.host

Assessed

G’day,

Sadly, there is a major problem with Let’s Encrypt SSL today after cPanel failed to act on a well-known change to the root certificate ahead of time. They are scrambling for a suitable fix at the moment. While they have another method ordinarily, it’s offline as too many people are trying to move across to it.

You can access emails via Webmail or by updating your configuration to use non-encrypted ports, however across many of our systems these connections are not permitted and we prefer to not enable them.

Feel free to contact our team if https://webmail.example.com doesn’t work for you.

To clarify, you may experience connection failures with Email at the moment. You may find other encryption issues right now however email is the most likely way to reveal the current problem.

Our ticket number about this with cPanel is 94368525. We are sorry for their neglect.
The incident is tagged under cases UPS-403, CPANEL-33077 & CPANEL-38820.

https://forums.cpanel.net/threads/cpanel-33077-letsencrypt-transition-to-isrgs-root-important.673981/
https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190/505

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
https://support.cpanel.net/hc/en-us/articles/4409770365335
https://support.cpanel.net/hc/en-us/articles/4409759316759

As we have updates, we’ll be sure to pass them on.

Please let us know if you need any help.

Cheers,
LEOPARD.host

5 Affected Services:
The Network Crew Pty Ltd

« LEOPARD.host website

Network: AS138521