I ran this command: The cert on one of my domains was expired and I tried to update it from Hestia CP, but got the message: Error: Let’s Encrypt finalize bad status 403. After some research I tried this solution with no luck: Error: Let's Encrypt finalize bad status 403 - #40 by HarleyVader
It produced this output: Error: Let’s Encrypt finalize bad status 403
My web server is (include version): Apache2
The operating system my web server runs on is (include version): Ubuntu 18.04.6 LTS
My hosting provider, if applicable, is: Hostinger
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Hestia CP
Can anyone help me to understand what's happening please?
Hmm. I see you last got a certificate on Sep 27 which expired on Dec 26.
And, connecting to your domain I get a response from an nginx server, not Apache. Looks like maybe your account at your hosting service expired. You should probably start by making sure it is in good standing.
Request to: lyzon.com.mx/151.106.108.161, Result: [Address=151.106.108.161,Address Type=IPv4,Server=nginx,HTTP Status=200
The certificate displayed when connecting is a self-signed Hestia cert (not even an expired Let's Encrypt cert). Even if your Hostinger account is in good standing they are probably best able to help you get your site running again.
Yes, there is an nginx proxy. I recently reset that domain because the renovation started to fail, but I still don't understand why I cannot enable SSL with Let's Encrypt. Other domains and subdomains on the same server are working fine!
Where does Apache get used? You said you had Apache.
When you say "nginx proxy" do you mean "nginx proxy manager"? Or just the nginx server?
The first step is fixing your DNS setup. See the errors here: lyzon.com.mx | DNSViz. Focus on the name server delegation problems described in the Warnings and similar messages in the Error section.
You have one Name Server that is Hostinger's and another is on your server. Is that right? The Hostinger name server doesn't know about your domain name. And, your name server has other issues (see DNSViz link above). Maybe someone else here will help with that but it is not in our usual scope and beyond what I wish to help with.
dig +noall +answer A lyzon.com.mx @ns2.dns-parking.com
dig +noall +answer A lyzon.com.mx @ns1.lyzon.com.mx
dig: couldn't get address for 'ns1.lyzon.com.mx': not found
dig +noall +answer A lyzon.com.mx @151.106.108.161
lyzon.com.mx. 14400 IN A 151.106.108.161
Your response led me to the solution: it was the DNS nameservers (because of the migration from Google Domains to Rackspace). I updated the DNS and made a basic DNS setup, and it worked again!
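The per-name-server comparison done by hand with dig in the thread can be scripted. This is an added example, not part of any post above: `ns_answer`, `check_delegation` and `DIG_CMD` are hypothetical names, and the servers in the usage comment are the ones queried in the thread. Let's Encrypt validation resolves the name through the delegated name servers, so a server that errors or returns no A record is worth fixing before retrying issuance.

```shell
#!/bin/sh
# Added example: ask every delegated name server for the A record of a
# domain and flag servers that fail, return nothing, or disagree.
# DIG_CMD (hypothetical override) names the dig-compatible command to run.
DIG_CMD="${DIG_CMD:-dig}"

# ns_answer NAME SERVER
# Prints the sorted, comma-joined A records SERVER returns for NAME, or
# ERROR (query failed) / EMPTY (server replied without an A record).
ns_answer() {
    rc=0
    out=$($DIG_CMD +noall +answer A "$1" "@$2" 2>/dev/null) || rc=$?
    addrs=$(printf '%s\n' "$out" |
        awk '$3 == "IN" && $4 == "A" {print $5}' | sort | paste -sd, -)
    if [ -n "$addrs" ]; then
        printf '%s\n' "$addrs"
    elif [ "$rc" -ne 0 ]; then
        echo ERROR
    else
        echo EMPTY
    fi
}

# check_delegation NAME SERVER...
# Prints one "server -> answer" line per server. Returns 0 only when every
# server returns the same non-empty A record set.
check_delegation() {
    cd_name=$1; shift
    cd_first=""; cd_status=0
    for cd_ns in "$@"; do
        cd_ans=$(ns_answer "$cd_name" "$cd_ns")
        printf '%s -> %s\n' "$cd_ns" "$cd_ans"
        case $cd_ans in
            ERROR|EMPTY) cd_status=1 ;;
            *)  : "${cd_first:=$cd_ans}"   # remember the first good answer
                [ "$cd_ans" = "$cd_first" ] || cd_status=1 ;;
        esac
    done
    return "$cd_status"
}

# Usage: sh check_ns.sh lyzon.com.mx ns2.dns-parking.com ns1.lyzon.com.mx
if [ "$#" -gt 0 ]; then
    check_delegation "$@"
fi
```

A non-zero exit status means at least one listed name server needs attention.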