Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output: Let's Encrypt validation status 400 (pacificdatacom.net). Details: Unable to update challenge :: authorization must be pending
My web server is (include version): Hestia Control Panel v1.4.17
The operating system my web server runs on is (include version): Debian GNU/Linux 11.1
My hosting provider, if applicable, is: COX Business,
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Hestia Control Panel v1.4.17
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A
For about a months now I am having issues getting my certs to update. I have tried everything I can think of, just not sure what is going on.
But LE and LD both fail to even reach the HTTP site...
So, you must be using some kind of GeoFencing/Location blocking OR IPS OR IP block list that is preventing the challenges to be served.
It makes little sense to answer the heard challenge requests with a redirection instead of just the answer and be done with it.
More so, if you are security conscient, where HTTPS access should be the most restrictive.
HTTP access should basically redirect everything to HTTPS (except the LE challenges).
So what would you need from me. Yess I need to figure out the 400 Error and why I cant up date the LE SSL's. I have been working on this for a long time.
You said something about an 301 redirect error and I just though that was something I could fix now easily while we are working on the other error. Just trying to multitask and get the most done for my time sitting here.
I don't need anything from you - LOL
I work here as a volunteer; providing free "solutions" to those that need them.
I suggested to you that you can simplify the problem by NOT forwarding ALL the HTTP requests to HTTPS.
How to do that depends on the web server software (and version) and any .htaccess files and also WordPress settings.
As far as the certificates not updating I am starting to thinking its something SonicWall did with the firmware update but I have know idea how to figure that one out. I just posted on SonicWALL's forums, I will let you know if I ever figure this out.
I think the same. You could try asking at their support forum.
The key is the Lets Debug response. If it cannot consistently see your server then you won't be able to get certificates from Lets Encrypt. Given you got inconsistent results I would look at settings in SonicWall that relate to "intelligent firewall" or "adaptive firewall" or "smart firewall" - something like that. It feels to me like it is adapting to a pattern in the Lets Encrypt requests and treating them as threats (mostly). Mind you, I am guessing here but that's where I would focus efforts if it was my system failing.
Ya, I looked at logs but there are many logs and many options, I don't know what I am doing. If someone knew what log to use, and what report etc, maybe I could get somewhere