Security – The cPanel Admin

AutoSSL Let’s Encrypt Rate Limiting

nessa • March 7, 2026

You’ve just completed a cPanel server migration. The accounts are transferred, DNS is propagating, everything looks good… until you check the AutoSSL logs and see this staring back at you: WARN AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/XXXXXXX) has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited) Every domain […]

AutoSSL Let’s Encrypt Rate Limiting Read Post »

Security

How to Fix CSF/LFD “Excessive Resource Usage” Floods for PHP-FPM and dbus on AlmaLinux 9

nessa • March 5, 2026

If you have recently migrated to AlmaLinux 9 (or any RHEL 9 derivative) and run ConfigServer Security & Firewall (CSF) with Login Failure Daemon (LFD), you have probably noticed your inbox filling up with alerts like these: Time: Wed Feb 19 03:14:22 2025 Account: root Resource: Virtual Memory Size Exceeded: 384 > 256 (MB) Executable:

How to Fix CSF/LFD “Excessive Resource Usage” Floods for PHP-FPM and dbus on AlmaLinux 9 Read Post »

Security

Why AutoSSL Fails Under Cloudflare Proxy

nessa • March 2, 2026

If you manage domains behind Cloudflare’s proxy and run cPanel with AutoSSL, there’s a good chance you’ve woken up to an email like this: AutoSSL did not renew the certificate for “example.com”. You must take action to keep this site secure. DNS DCV: No local authority: “example.com”; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV

Why AutoSSL Fails Under Cloudflare Proxy Read Post »

Apache, Howto, Linux, Networking, Security

PCI DSS Compliance Cookbook for cPanel Servers

nessa • February 26, 2026

If you’re running cPanel servers that process, store, or transmit credit card data, or even connect to systems that do, PCI DSS compliance isn’t optional. It’s a requirement that carries real financial and legal teeth. With PCI DSS v4.0.1 now fully enforced (the March 31, 2025 deadline for all “best practice” requirements has passed), every

PCI DSS Compliance Cookbook for cPanel Servers Read Post »

Apps, Howto, Linux, Security

CSF Post-Shutdown Survival Guide: Migration & Configuration

nessa • February 11, 2026

For over a decade, ConfigServer Security & Firewall (CSF) was the undisputed firewall solution for cPanel/WHM servers. If you ran a shared hosting environment, a reseller setup, or even a standalone VPS with cPanel, CSF was almost certainly part of your security stack. Its WHM integration, Login Failure Daemon (LFD), and straightforward configuration made

CSF Post-Shutdown Survival Guide: Migration & Configuration Read Post »

Hacks, Howto, Security

Wildcard SSL Workarounds for AutoSSL Using acme.sh

nessa • January 28, 2026

AutoSSL is one of cPanel’s most convenient features—automatically provisioning and renewing SSL certificates for every domain on your server. But if you’ve ever tried to get a wildcard certificate through AutoSSL, you’ve hit a wall. AutoSSL simply doesn’t support them. This isn’t an oversight. Wildcard certificates require DNS-based validation (DNS-01 challenge), and AutoSSL relies on

Wildcard SSL Workarounds for AutoSSL Using acme.sh Read Post »

Howto, PHP, Security

Advanced PHP-FPM Configuration and Pool Management for High-Traffic Sites on cPanel Servers

nessa • September 26, 2025

When managing high-traffic websites on cPanel servers, proper PHP-FPM (FastCGI Process Manager) configuration can mean the difference between smooth performance and server crashes. This comprehensive guide will walk you through advanced PHP-FPM optimization techniques specifically tailored for cPanel environments. Understanding PHP-FPM in cPanel Context PHP-FPM operates differently in cPanel compared to standalone servers. cPanel’s MultiPHP

Advanced PHP-FPM Configuration and Pool Management for High-Traffic Sites on cPanel Servers Read Post »

Fixes, Security

Fixing AutoSSL “provider cannot currently accept incoming requests”

nessa • September 23, 2022

When using cPanel/Sectigo as the SSL provider for AutoSSL, you may occasionally see this error in the autossl log: The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later. This error seems to be caused be incorrect permissions in /var/cpanel/ssl/domain_tls/. You can fix this with the following command:

Fixing AutoSSL “provider cannot currently accept incoming requests” Read Post »

Apache, Fixes, Howto, Security, Troubleshooting

Troubleshooting Website SSL Issues – No Padlock

nessa • March 18, 2019

Having SSL problems? One of the most common issues our team handles is related to websites not properly displaying over HTTPS, whether it be the website either not loading entirely, or just not showing the green padlock: If you’re sure that the SSL certificate is installed properly, but your site isn’t showing as secure, there

Troubleshooting Website SSL Issues – No Padlock Read Post »