Unable to get certificate: HestiaCP

himi · December 13, 2022, 7:19am

Hi all,
I registered my domain, installed HestiaCP on Ububtu 22.04 and I am having a problem to get the certificate. I already did this in past and had no problem. Looking at check-your-website.server-daten.de I can't really tell what the problem is.

My domain is: hcp.hx7.eu
I ran this command: from Hestia CP

It produced this output: Error: Let's Encrypt validation status 400 (hcp.hx7.eu). Details: 403:"141.144.194.92: Invalid response from http://hcp.hx7.eu/.well-known/acme-challenge/rJY8jq3alrTwIRUit7yHQ7H-qoK6oiPcV_6HKYRhtr0: 404"

https://acme-v02.api.letsencrypt.org/acme/chall-v3/186610841307/XCrvWg

My web server is (include version): nginx/1.23.2

The operating system my web server runs on is (include version): Ubuntu 22.04.1 LTS

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: HestiaCP v1.6.5

DNS records:

name / TTL / type / data	 
 / 300 / A / 141.144.194.92	 
 / 300 / CAA / 0 issue "letsencrypt.org"	 
 / 300 / CAA / 0 iodef "mailto:himi@centrum.cz"	 
* / 300 / A / 141.144.194.92	 
hcp / 300	/ A / 141.144.194.92	
mail	/ 300 / A / 141.144.194.92	 
mail	/ 300 / MX / 0 mail.hx7.eu	 
www / 300 / A / 141.144.194.92

https://check-your-website.server-daten.de/?q=hcp.hx7.eu

edit:
I also tried to add following DNS records with token:

_acme-challenge|300|TXT|79qWFDAusf30kCaFD6jkMkFwXzsTI-FU9brRcR_CEuY
_acme-challenge.hcp.hx7.eu|300|TXT|79qWFDAusf30kCaFD6jkMkFwXzsTI-FU9brRcR_CEuY

but the result is the same. Do I need to add _acme-challenge with token to my DNS records? If so, how do I know which token HestiaCP uses when requesting SSL Let's encrypt certificate? For now I removed it as there was no change.

reading through various forums, I also tried letsdebug.net with following result:

All OK!
No issues were found with hcp.hx7.eu. If you are having problems with creating an SSL certificate, please visit the Let's Encrypt Community forums and post a question there.

I created another subdomain in Hestia CP, this time under a user (not admin as for hcp.hx7.eu), and tried to generate SSL certificate. And it worked! So I wonder why it does not work for admin

system · January 12, 2023, 7:20am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.