404 Error When Activating SSL Let's Encrypt

Dear all, good afternoon!

I’m having trouble activating SSL with Let’s Encrypt. I’m getting the error below:

From what I could see in the environment logs, for some reason the “.well-known/acme-challenge” folder and consequently the validation file are not being created.

I had the same error in the past, but it was resolved with the following two changes:

  • echo "DefaultLimitNOFILE=65535" >> /etc/systemd/system.conf
  • echo "DefaultLimitNOFILE=65535" >> /etc/systemd/user.conf

However, SSL is generated if I do this through the “certbot” package, using the command:

sudo certbot certonly --webroot -w /home/teste/web/sophosantivirusbr.com.br/public_html -d sophosantivirusbr.com.br -d www.sophosantivirusbr.com.br -vv --debug-challenges --text --no-eff-email

So I can’t understand what the problem is or where to begin validation since I can’t see any error logs to give me any initial guidance. Can you help me?

You seem to be using Cloudflare for name servers. Check if everything is set up correctly there.

Also, in Hestia DNS for that domain, check whether the DNS template applied is child or default. If default, change to child once and retry after 5 minutes.

Secondly, check if there is any IPv6 setup in DNS; if yes, remove that (though I do not see any IPv6 / AAAA record for you).

Finally, if it works with the child-dns template, revert the template to default afterwards. This works for me at times, but it is usually only for some weird reason I face.

BTW, does nginx restart properly, and Apache2 as well?

BTW, just found this for your domain:

DNS sophosantivirusbr.com.br SOA Expire Value is out of recommended range.

DNS sophosantivirusbr.com.br SOA Serial Number Format is Invalid.

Your Cloudflare is set up with IPv6, it seems. Hestia does not support IPv6 yet. But not sure if CF is the issue here.

NS                       IP Address               TTL    Time (ms)  Status  Auth  Parent  Local
ray.ns.cloudflare.com.   2606:4700:58::adf5:3b8a  1 day  3
tara.ns.cloudflare.com.  2606:4700:50::adf5:3ae1  1 day  2

LookupServer 158ms

Depth: 1
ServerName: a.dns.br.
ServerIP: 2001:12f8:6::10
Authoritative: NON-AUTH
ElapsedTime: 112 ms
Result: Received 2 Referrals, Status=NOERROR
Question:
Answers: sophosantivirusbr.com.br. 3600 IN NS ray.ns.cloudflare.com., sophosantivirusbr.com.br. 3600 IN NS tara.ns.cloudflare.com.

Depth: 2
ServerName: ray.ns.cloudflare.com.
ServerIP: 2606:4700:58::adf5:3b8a
Authoritative: AUTH
ElapsedTime: 3 ms
Result: Received 2 Answers, Status=NOERROR
Question:
Answers: sophosantivirusbr.com.br. 86400 IN NS ray.ns.cloudflare.com., sophosantivirusbr.com.br. 86400 IN NS tara.ns.cloudflare.com.
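
The two questions raised in this thread (is a file under ".well-known/acme-challenge" in the webroot actually served, and does the answer differ between IPv4 and IPv6) can be checked by hand. The script below is an added example, not part of the original posts and not Hestia's or certbot's own code; it assumes curl is installed, and the function names and the probe file name are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): probe the HTTP-01 challenge path.
# Usage: sh acme-probe.sh WEBROOT DOMAIN   (run as a user that can write to WEBROOT)

# Create a constructed token file where the validator would look for it.
make_probe() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    token="probe-$$-$(date +%s)"
    printf '%s' "$token" > "$dir/$token" || return 1
    chmod 644 "$dir/$token"
    printf '%s\n' "$token"
}

# Map an HTTP status and a body-match flag (yes/no) to a diagnosis keyword.
classify() {
    case "$1" in
        200) if [ "$2" = yes ]; then echo ok; else echo wrong-content; fi ;;
        404) echo not-served ;;
        000) echo unreachable ;;
        *)   echo "http-$1" ;;
    esac
}

# Fetch the probe over one address family (-4 or -6), following redirects,
# and print the diagnosis for the final response.
fetch_probe() {
    family=$1 domain=$2 token=$3
    body=$(mktemp) || return 1
    status=$(curl -s -L "$family" --max-time 10 -o "$body" -w '%{http_code}' \
        "http://$domain/.well-known/acme-challenge/$token")
    if [ "$(cat "$body")" = "$token" ]; then match=yes; else match=no; fi
    rm -f "$body"
    classify "$status" "$match"
}

# Run only when called with WEBROOT and DOMAIN; the probe file is removed afterwards.
if [ "$#" -eq 2 ]; then
    token=$(make_probe "$1") || { echo "cannot write to $1" >&2; exit 1; }
    for family in -4 -6; do
        echo "IPv${family#-}: $(fetch_probe "$family" "$2" "$token")"
    done
    rm -f "$1/.well-known/acme-challenge/$token"
fi
```

A result of not-served means the file exists on disk but the path is not answered from that webroot; a different result for IPv4 and IPv6 means the two address families reach different endpoints.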