Can't obtain Let's Encrypt SSL certification

Hey guys! I have been trying non-stop for the past 24h to solve my problem: enable SSL for my domain. Letsdebug says everything is fine. I cannot find any .well-known folder on my VPS, but I don't know what to do.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: v-add-letsencrypt-domain admin

It produced this output: Error: Let's Encrypt validation status 400 ( Details: 403:" Invalid response from .well-known/acme-challenge/JhnoMpTtQ....

My web server is (include version): I don't really know, I am using Hestia if that helps

The operating system my web server runs on is (include version): Ubuntu 20.04.5 LTS (GNU/Linux 5.4.0-64-generic x86_64)

My hosting provider, if applicable, is: contabo for VPS and OVH for domain name

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): hestia latest version

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

Tried to install using certbot directly using this command: certbot --apache and got this other error message, if that helps:

Requesting a certificate for
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsen

No, that doesn't help 🙂 We were looking to see what kind of web server like Apache, nginx, or similar.

But, I can see that an nginx server is currently responding to HTTP requests to your domain. And, you chose the --apache plugin when running Certbot so something is wrong.

You either need to use the nginx plugin (or --webroot option) or find out why Apache is not responding as expected. You might need to contact Hestia to work this out.

Request to:, Result: [Address=,Address Type=IPv4,Server=nginx/1.23.3,HTTP Status=404], Issue:


Both nginx and apache are present on my VPS, and both are used by Hestia.
When using the nginx certbot command (sudo certbot --nginx) I get this:
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel

But the problem is that is not the domain I want to get the certificate on, and is not in this list

They may both be installed but you have to choose one to respond to requests sent to your domain name. Or, use one as the proxy for the other or something. That's not unique to Let's Encrypt. That is just how web servers work.

Right now you have nginx responding but from your latest post it shows you have not yet configured the necessary server block for your domain. You should do some further research on how web servers work and how they are configured.


Only the webserver listening on port 80 can satisfy the acme challenge.

This doesn't mean the other won't get certificates. You just have to use the other to authenticate. Like:

certbot --authenticator nginx --installer apache

But you're using a control panel. I would strongly advise using your control panel features to get your certificates, as control panels tend to mess up whatever they're not controlling.
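
Added example, not part of the thread or any poster's reply: a shell helper that reads `ss -ltnp` output, finds which process owns port 80, and prints the certbot authenticator plugin that matches it. The sample `ss` lines, ports and PIDs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find which web server owns port 80,
# since only that server can answer the HTTP-01 challenge.

# Constructed sample of `ss -Hltnp` output: nginx on 80/443 in front of
# Apache on 8080. Addresses, ports and PIDs are made up for illustration.
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1201,fd=6),("nginx",pid=1200,fd=6))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1201,fd=7))
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:* users:(("apache2",pid=988,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=701,fd=3))'

# port80_owner (hypothetical name): read `ss -ltnp` lines on stdin and print
# the unique process name(s) listening on port 80. ":8080" must not match.
port80_owner() {
    awk '$1 == "LISTEN" && $4 ~ /:80$/ {
        # The process column looks like users:(("nginx",pid=...,fd=...))
        if (match($0, /\(\("[^"]+"/))
            print substr($0, RSTART + 3, RLENGTH - 4)
    }' | sort -u
}

# http01_authenticator (hypothetical name): map the port-80 owner to the
# certbot plugin name to pass as `certbot --authenticator <name>`.
http01_authenticator() {
    owner=$(port80_owner)
    case "$owner" in
        nginx)         echo nginx ;;
        apache2|httpd) echo apache ;;
        "")            echo "no listener on port 80" >&2; return 1 ;;
        *)             echo "unhandled listener on port 80: $owner" >&2; return 1 ;;
    esac
}

# Offline demo on the constructed sample. Live use (as root, so process
# names are visible): ss -Hltnp | http01_authenticator
printf '%s\n' "$SAMPLE_SS" | http01_authenticator
```

On a panel-managed host such as Hestia, treat the result as a diagnostic only and issue the certificate through the panel, as the replies advise.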


I see nginx when connecting to port 80:

curl -Ii
HTTP/1.1 502 Bad Gateway
Server: nginx/1.25.2
Date: Wed, 18 Oct 2023 19:22:17 GMT
Content-Type: text/html
Content-Length: 157
Connection: keep-alive

It actually does. This tells us that the edge webserver will be Nginx, but it also tells us that we should not be attempting to manipulate certbot directly and should instead use either the Hestia Control Panel web interface or the Hestia v- command line tools.

You may want to review the following topic and search results in the HestiaCP forum.


Thanks for all of your replies. Simply wiped the VPS and reinstalled HestiaCP, everything now works with no issues...

