Symptoms
AutoSSL may fail to validate a domain to issue a new SSL certificate with the following error once the server is updated to cPanel version 132:
Processing “cpuser”’s local DCV results … Analyzing “domain.tld”’s DCV results … PKCS#1 1.5 is disabled as it is known to be vulnerable to marvin attacks. at /usr/local/cpanel/3rdparty/perl/542/cpanel-lib/Net/ACME2/AccountKey.pm line 63. ...propagated at /usr/local/cpanel/Cpanel/Try.pm line 230. ...propagated at /usr/local/cpanel/Cpanel/SSL/Auto/Run/HandleVhost.pm line 258. ...caught at /usr/local/cpanel/Cpanel/SSL/Auto/Run/User.pm line 314.
Description
With updates to cPanel 132, the Perl ACME module was also updated to disable "PKCS#1 1.5". Due to this change, some servers may experience issues with AutoSSL during the creation of initial account credentials. We are currently aware of this issue occurring in Rocky Linux.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-49987. Follow this article to receive an email notification when a solution is published in the product.
Workaround
Remove the credentials file to allow new credentials to be generated at the next AutoSSL run.
/bin/rm /var/cpanel/letsencrypt-v2.json
