Problems with renew SSL. Error 400 pending - HESTIA Control Panel

nomopo · October 4, 2021, 10:49am

Por favor, complete los campos del siguiente formulario para que podamos ayudarle de la mejor forma posible. Nota: debe proporcionar su nombre de dominio para obtener ayuda. Los nombres de dominio de los certificados emitidos se hacen públicos en los registros de Transparencia de Certificados (por ejemplo, crt.sh | example.com), por lo que esconder aquí su nombre de dominio no sirve de nada, únicamente nos dificulta prestarle la ayuda solicitada.

Puedo leer las respuestas en Inglés (sí o no): SI

Mi dominio es: servicio-tecnico-autorizado.pro, pero quiero instalar certificado en mail.servicio-tecnico-autorizado.pro

Ejecuté este comando: hestia cp -> v-update-letsencrypt-ssl

Produjo esta salida: NADA

Mi servidor web es (incluya la versión): WP 5.8

El sistema operativo en el que se ejecuta mi servidor web es (incluya la versión): ubuntu 20

Mi proveedor de alojamiento web (si aplica) es: webuphosting.com

Puedo iniciar una sesión en una shell root en mi servidor (sí, no o no lo sé): SI

Estoy usando un panel de control para administrar mi sitio (no o proporcione el nombre y la versión del panel de control): SI . Hestia CP

La versión de mi cliente es (por ejemplo, si usa certbot, muestre la salida de certbot --version o certbot-auto --version):

Ahora mismo en el dominio principal servicio-tecnico-autorizado.pro tiene un certificado de Redalia.

rg305 · October 4, 2021, 12:22pm

Hi @nomopo welcome to the LE community forum
[And please excuse my use of English.]

How did you get the other cert?
[servicio-tecnico-autorizado.pro]

Is this new cert only going to be used for encrypting mail?
Or also for https://mail.servicio-tecnico-autorizado.pro/ [like for webmail type access] ?

nomopo · October 5, 2021, 4:46am

The other certificate was bought from Comodo, because since it stopped working, it has been the fastest way to restore the system.
The idea is to use an SSL of yours for the mail. Just for the mail. or failing that, if I can renew everything, change it throughout the domain.

rg305 · October 5, 2021, 4:56am

Good, then that simplifies things [no need to install the cert into any web service].
So we only have to obtain the cert.
The simplest way is via HTTP authentication.
Since "mail.servicio-tecnico-autorizado.pro" resolves to an IP that has a working web service:

curl -Iki http://mail.servicio-tecnico-autorizado.pro/
HTTP/1.1 200 OK
Server: nginx

we can use that web service to get the cert.

Let's start by reviewing the nginx configuration with:
sudo nginx -T

nomopo · October 6, 2021, 6:10am

It doesn't work. i have this error always,
Error: Let's Encrypt validation status 400 (mail.servicio-tecnico-autorizado.pro). Details: Unable to update challenge :: authorization must be pending

rg305 · October 6, 2021, 6:26am

Sorry, I don't know enough about hestia cp to help with that error:

Maybe someone will come by who knows more...

nomopo · October 6, 2021, 8:15am

the problem is that always are in pending.... And if i renew it a lot of times i have a 429 Error from you.

rg305 · October 6, 2021, 8:28am

I see the problem.
You should STOP using the production system to TEST.
There is a staging system for that.

“The definition of insanity is doing the same thing over and over again and expecting different results."
-Albert Einstein

nomopo · October 6, 2021, 8:42am

the problem is that this servers has been worked fine since 1 october…. And i don’t know why it has been crashed!!!! And i don’t know if really it’s crashed...

eva2000 · October 6, 2021, 8:44am

Probably best to ask at https://forum.hestiacp.com/ i.e. Search results for 'status 400 order:latest' - Hestia Control Panel - Discourse

rg305 · November 19, 2021, 5:54pm

A post was merged into an existing topic: Certificates wont renew, 400 Unable to update