Error: Let's Encrypt validation status 400

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: server26.anay.nl huisvoorleiders.nl

(huisvoorleiders.nl). Details: 403:"62.45.12.180: Invalid response from http://huisvoorleiders.nl/.well-known/acme-challenge/js4sY5SQcQqd8co3hSRjQxZijWR5ixeFgd17jN_aew4: 404"

I ran this command:

It produced this output:

My web server is (include version):hestiacp 19.00 ubunto 24

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):Hestia cp 19

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

Hello @Martindoornbos,

Looks like your Server: nginx

$ curl -Ii http://huisvoorleiders.nl/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 16 Apr 2025 17:54:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: laravel_session=2SpS1A433eAP2hCi74tGF3p74odN5r4VgVrB0Yd3; expires=Wed, 16 Apr 2025 19:54:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax

And using the online tool Let's Debug yields "OK" results here https://letsdebug.net/huisvoorleiders.nl/2421761

Is you ACME Client putting the ACME Challenge token in the right place?

1 Like
3

All OK!

OK

No issues were found with huisvoorleiders.nl. If you are having problems with creating an SSL certificate, please visit the Let's Encrypt Community forums and post a question there.

4

There are websites with certificates on the same server, but new ones do not work
work https://anay.nl / https://philosofia.nl
not work www.proeducatie.nl www.huisvoorleiders.nl

5

Can you answer that question?

1 Like
6

what is the right place to do that

7

well-known/acme-challenge/js4sY5SQcQqd8co3hSRjQxZijWR5ixeFgd17jN_aew4:) 404"
[/quote]

huisvoorleiders putty
huisvoorleiders putty840×360 111 KB

8

De server kan niet bewijzen dat dit huisvoorleiders.nl is. Het beveiligingscertificaat van de server is afkomstig van server26.anay.nl . Dit kan worden veroorzaakt door een verkeerde configuratie of een aanvaller die je verbinding onderschept.

The server cannot prove that this is huisvoorleiders.nl. The server's security certificate is from server26.anay.nl. This could be caused by a misconfiguration or an attacker intercepting your connection.
the server is server26.anay.nl

9

Please show the output of the following command.

  • sudo nginx -T that is a capital T

I am guessing there is an issue with handling Server Name Indication (SNI) in your nginx configuration.

For general nginx information you might find nginx documentation and https://forum.nginx.org/ helpful.

openssl s_client -showcerts -servername server26.anay.nl -connect server26.anay.nl:443 
$ openssl s_client -showcerts -servername server26.anay.nl -connect server26.anay.nl:443 < /dev/null
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = server26.anay.nl
verify return:1
---
Certificate chain
 0 s:CN = server26.anay.nl
   i:C = US, O = Let's Encrypt, CN = R10
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Apr  5 17:00:12 2025 GMT; NotAfter: Jul  4 17:00:11 2025 GMT
-----BEGIN CERTIFICATE-----
MIIGIDCCBQigAwIBAgISBucDg9vvcpm6cnWXrNSqbITbMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwNDA1MTcwMDEyWhcNMjUwNzA0MTcwMDExWjAbMRkwFwYDVQQD
ExBzZXJ2ZXIyNi5hbmF5Lm5sMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEAvAkBagz6fPP4FGCfjGb77RpaFk+QUZ2w0F/VZJS3Xgg+7ziCLpsDPIDY4WvZ
tnoVTpePSvKSJ4LRfLbrU6GJIzWU6768ZDDeiFq1pjJyXMvgHbSiSEUXUz2rc+CC
NQmi9HW0knapww506KbKxMNFp5j704Lxv7NeRcDRcYvEptwBkRRDtqR3Yah+60iK
Ot4vf8zMeEeI8UoKObdTF6Oge4Ty8aVFE3cOdSUkIClGBLQYVk5bCLDg32xn2DqN
LXDaLC4kfPyN7AbCVc6KrMBPZCys6iwRIsoCfjPUKjKTrIwod2GziXooMK2bFZBz
cahamGryfxqghIJk16yfhxRPlGb8ogoie+PV1Xr2t2HaImVMzUpF0YzHwMF0l2aF
phKhpAjzfOVFmJ3y65DOSDlGZsrWpOIEiFizyZN5LmUAxhPrcLcVHP1K5/5tMkDv
mu7w6SM2l0qpsfNGICAs2kGpd9aO6OeB2TE9lMWRcmMbecs0GlsWAx0RGM7KxBUc
2jr3Zm4XK6S8g8SDisM6gthS86yN4xnE7UCjzyvVWt8L490F/+yqlfksrmDWaAJQ
9QRX3IDt0oEWuE29sx3lndWS20zjMI7rM1i6wNV+jlDiuD6vQo0+wBk2nptsE0rj
x5wRlPHtVK5tjNIGuZhN1fME/r1pZ3fsSRCZKzEJSTqmK28CAwEAAaOCAkQwggJA
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUr1FcOiNzRlfx04u5ElYFSs+HCMswHwYD
VR0jBBgwFoAUu7zDR6XkvKnGw6RyDBCNojXhyOgwVwYIKwYBBQUHAQEESzBJMCIG
CCsGAQUFBzABhhZodHRwOi8vcjEwLm8ubGVuY3Iub3JnMCMGCCsGAQUFBzAChhdo
dHRwOi8vcjEwLmkubGVuY3Iub3JnLzAbBgNVHREEFDASghBzZXJ2ZXIyNi5hbmF5
Lm5sMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6
Ly9yMTAuYy5sZW5jci5vcmcvOTIuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDw
AHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGWBxrZ7wAABAMA
RzBFAiEA9NrwDxqUC3/EwFpRuu8m0bC9UcYnSovY5LTBRMApgrECIEtGsP1NcX6Z
/B8a+NMnhblaQdjLAXs4A+bdY8xK8tYgAHYAfVkeEuF4KnscYWd8Xv340IdcFKBO
lZ65Ay/ZDowuebgAAAGWBxrZ/QAABAMARzBFAiEA18JbHAIiokto9wdyYowK4zLl
rFUG1TXUKPzRk2gOXzoCICLvcXbUdxDpsjjySRpkMz1ZfylpHETYu9hoWCUIdV+w
MA0GCSqGSIb3DQEBCwUAA4IBAQAvE0oDLDU23Vruxwkhj2hBidGcsinmx0lLo2lG
YEhMYIVO6UVtHbnzdGI9SyOOOXO98EnpG121/UBQWpMYQI8TVBSVvFFzcUmzGP2S
eCMZOICSOzbIqGVUIuUDqKUc2YYKutIZnYE6N/jSSUNuuKj++SetHdi28kc5pvtJ
XooRehQz4Y4fal46gXYJ99Bu9cARU/Lc73YYadk2aemuFq/m2eVlELCjjGsM3upR
1SLNfNXQ/Ri8sAkhcWDqhzx0U8N/adq7+pfLkqXDc46JRbwzN9A9402h5EpSAb2i
ZokaLNuYR7Z3eLWUQJSNpo6pE+RkznzEPIfbDwND6gKWCYnB
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R10
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
-----BEGIN CERTIFICATE-----
MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL
YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a
/6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4
FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR
mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3
DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG
MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5
tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD
VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B
AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo
zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd
u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9
1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0
GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh
1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ
QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N
4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz
rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei
RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx
KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = server26.anay.nl
issuer=C = US, O = Let's Encrypt, CN = R10
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3666 bytes and written 382 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
openssl s_client -showcerts -servername huisvoorleiders.nl -connect huisvoorleiders.nl:443 
$ openssl s_client -showcerts -servername huisvoorleiders.nl -connect huisvoorleiders.nl:443 < /dev/null
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = server26.anay.nl
verify return:1
---
Certificate chain
 0 s:CN = server26.anay.nl
   i:C = US, O = Let's Encrypt, CN = R10
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Apr  5 17:00:12 2025 GMT; NotAfter: Jul  4 17:00:11 2025 GMT
-----BEGIN CERTIFICATE-----
MIIGIDCCBQigAwIBAgISBucDg9vvcpm6cnWXrNSqbITbMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwNDA1MTcwMDEyWhcNMjUwNzA0MTcwMDExWjAbMRkwFwYDVQQD
ExBzZXJ2ZXIyNi5hbmF5Lm5sMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEAvAkBagz6fPP4FGCfjGb77RpaFk+QUZ2w0F/VZJS3Xgg+7ziCLpsDPIDY4WvZ
tnoVTpePSvKSJ4LRfLbrU6GJIzWU6768ZDDeiFq1pjJyXMvgHbSiSEUXUz2rc+CC
NQmi9HW0knapww506KbKxMNFp5j704Lxv7NeRcDRcYvEptwBkRRDtqR3Yah+60iK
Ot4vf8zMeEeI8UoKObdTF6Oge4Ty8aVFE3cOdSUkIClGBLQYVk5bCLDg32xn2DqN
LXDaLC4kfPyN7AbCVc6KrMBPZCys6iwRIsoCfjPUKjKTrIwod2GziXooMK2bFZBz
cahamGryfxqghIJk16yfhxRPlGb8ogoie+PV1Xr2t2HaImVMzUpF0YzHwMF0l2aF
phKhpAjzfOVFmJ3y65DOSDlGZsrWpOIEiFizyZN5LmUAxhPrcLcVHP1K5/5tMkDv
mu7w6SM2l0qpsfNGICAs2kGpd9aO6OeB2TE9lMWRcmMbecs0GlsWAx0RGM7KxBUc
2jr3Zm4XK6S8g8SDisM6gthS86yN4xnE7UCjzyvVWt8L490F/+yqlfksrmDWaAJQ
9QRX3IDt0oEWuE29sx3lndWS20zjMI7rM1i6wNV+jlDiuD6vQo0+wBk2nptsE0rj
x5wRlPHtVK5tjNIGuZhN1fME/r1pZ3fsSRCZKzEJSTqmK28CAwEAAaOCAkQwggJA
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUr1FcOiNzRlfx04u5ElYFSs+HCMswHwYD
VR0jBBgwFoAUu7zDR6XkvKnGw6RyDBCNojXhyOgwVwYIKwYBBQUHAQEESzBJMCIG
CCsGAQUFBzABhhZodHRwOi8vcjEwLm8ubGVuY3Iub3JnMCMGCCsGAQUFBzAChhdo
dHRwOi8vcjEwLmkubGVuY3Iub3JnLzAbBgNVHREEFDASghBzZXJ2ZXIyNi5hbmF5
Lm5sMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6
Ly9yMTAuYy5sZW5jci5vcmcvOTIuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDw
AHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGWBxrZ7wAABAMA
RzBFAiEA9NrwDxqUC3/EwFpRuu8m0bC9UcYnSovY5LTBRMApgrECIEtGsP1NcX6Z
/B8a+NMnhblaQdjLAXs4A+bdY8xK8tYgAHYAfVkeEuF4KnscYWd8Xv340IdcFKBO
lZ65Ay/ZDowuebgAAAGWBxrZ/QAABAMARzBFAiEA18JbHAIiokto9wdyYowK4zLl
rFUG1TXUKPzRk2gOXzoCICLvcXbUdxDpsjjySRpkMz1ZfylpHETYu9hoWCUIdV+w
MA0GCSqGSIb3DQEBCwUAA4IBAQAvE0oDLDU23Vruxwkhj2hBidGcsinmx0lLo2lG
YEhMYIVO6UVtHbnzdGI9SyOOOXO98EnpG121/UBQWpMYQI8TVBSVvFFzcUmzGP2S
eCMZOICSOzbIqGVUIuUDqKUc2YYKutIZnYE6N/jSSUNuuKj++SetHdi28kc5pvtJ
XooRehQz4Y4fal46gXYJ99Bu9cARU/Lc73YYadk2aemuFq/m2eVlELCjjGsM3upR
1SLNfNXQ/Ri8sAkhcWDqhzx0U8N/adq7+pfLkqXDc46JRbwzN9A9402h5EpSAb2i
ZokaLNuYR7Z3eLWUQJSNpo6pE+RkznzEPIfbDwND6gKWCYnB
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R10
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
-----BEGIN CERTIFICATE-----
MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL
YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a
/6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4
FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR
mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3
DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG
MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5
tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD
VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B
AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo
zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd
u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9
1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0
GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh
1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ
QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N
4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz
rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei
RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx
KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = server26.anay.nl
issuer=C = US, O = Let's Encrypt, CN = R10
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3666 bytes and written 384 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
10

Please see the HTTP-01 challenge of the Challenge Types - Let's Encrypt.

1 Like
11

configuration file /etc/nginx/conf.d/domains/webmail.proeducatie.nl.conf:

server {
        listen      192.168.0.67:80;
        server_name webmail.proeducatie.nl mail.proeducatie.nl;
        root        /var/lib/roundcube;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/webmail.proeducatie.nl.log combined;
        error_log   /var/log/nginx/domains/webmail.proeducatie.nl.error.log error;

        include /home/anay/conf/mail/proeducatie.nl/nginx.forcessl.conf*;

        location ~ /\.(?!well-known\/) {
                deny all;
                return 404;
        }

        location ~ ^/(README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
                deny all;
                return 404;
        }

        location / {
                alias /var/lib/roundcube/;

                try_files $uri $uri/ =404;

                proxy_pass http://192.168.0.67:8080;

                location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|r                   ss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
                        expires 7d;
                        fastcgi_hide_header "Set-Cookie";
                }
        }

        location @fallback {
                proxy_pass http://192.168.0.67:8080;
        }

        location /error/ {
                alias /var/www/document_errors/;
        }

        include /home/anay/conf/mail/proeducatie.nl/nginx.conf_*;
12

thanks
after a server reboot everything works

1 Like
13

Glad it is working for you @Martindoornbos! :slight_smile:
Have a pleasant day.

1 Like