Error 400 on Hestia CP 1.8.4

I receive the below for any domains when enabling SSL under the domain.

Error: Let’s Encrypt validation status 400 ( Details: 403:“ Invalid response from http://xxxxxx/.well-known/acme-challenge/_6jIb0Cpx6uyBoYwsuWSzX_SnP_gyq_A2m9mco1xMJg: 404”

This is a fresh install on latest Ubuntu LTS 22.04.6.
Let’s Debug shows no issues with the domains.

Any help will be appreciated as we want to move from Vesta CP

This doesn’t look like the default error message Hestia has for a non-existing page …

Are you sure the configuration is correct?

Default http works fine, I cannot enable SSL per the above error

It doesn’t work fine here; by default it should look like:

Any reason on a fresh install Let’s Encrypt does not work?

Doesn’t matter if under admin or user
Even restarting nginx does not help and nginx has no errors

I have also tried another fresh domain, same result when created in Hestia CP: it loads with the “It works” page and cannot use Let’s Encrypt for SSL.

The “It works” page is not from Hestia but the default page for Nginx.

It looks like there is an issue with the IP configuration / whatever.

It should be “Success” page with a green check mark

Don’t know if there are more IP addresses on the server?

What part should I be checking from the front end or CLI to confirm the IP matches throughout?

We can’t answer this, it depends on too much. Right now it looks like it doesn’t show a default Hestia site, so you maybe want to check why this is. Start on a new VPS, install Hestia and you’ll see a different default site; Let’s Encrypt will then probably work as well out of the box.

Have you maybe installed Hestia over an existing server?

The above address is the address that is the public IP with ports via May to local from the router. The .178 address is the main allocated IP.

We use a .181 address with Vesta and has no issues when we did that on a fresh install with no other options than your guide a an internal IP address for Hestia.

Is there a way we can arrange a paid support slot for a webex or zoom discussion?

Maybe @eris is available for it, but the rate would be 100 euros / hr.

It looks like the port forward points to the wrong server. If you use your internal IP, you should see something like:

No worries, happy to pay if you can share a meeting invite or send us an email.

I have a very strict policy: I don’t debug network issues on servers behind a NAT…