Error create SSL mail domain

Community Support Mail
1

Goodnight
I have migrated from vestacp to vestacp a backup, everything is correct except the SSL, it gives me an error when creating the SSL letsencrypt

Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

What I can do?

Log error: v-add-letsencrypt-domain ‘user’ ‘domain.com’ ’ ’ ‘yes’ [Error 15]
hestiacp version: v1.3.1

2

Any systems like Cloudflare?

3

no, it is its own server, it is a clean installation and a restore from vestacp to hestia
The webs work fine and they have letsencrypt ssl but the mail gives this error when you activate SSL

4

Please, help me :sob: :sob: :sob:

5

Please patch v-add-letsencrypt-domain with the following file

https://raw.githubusercontent.com/hestiacp/hestiacp/0eb1e0831558bb17cd3b7f961c2d715cac4f8b0f/bin/v-add-letsencrypt-domain

And try again if fails post the log file…

6

Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

7

I have looked at https://crt.sh and I see that I have 6 wrong certificates … they are from before migrating to hestiacp
could this be the problem? that I have exceeded the limit? if so, how can I delete those certificates ???

PS: I have put back the original v-add-letsencrypt-domain file just in case.

8

There has been an log file created in /var/log/hestia/ LE-user-domain-timestamp

9

This is what it says. Thanks for everything!!:

==[API call]==
exit status: 0

==[Step 5]==

  • status: 400
  • nonce: 0103JavmhrY3m8gW2_JGxaqqoQAeGsWQH1TH-2wfO6E7l_Y
  • validation:
  • details: Unable to update challenge :: authorization must be pending
  • answer: HTTP/2 400
    server: nginx
    date: Fri, 27 Nov 2020 18:14:05 GMT
    content-type: application/problem+json
    content-length: 144
    boulder-requester: 90139335
    cache-control: public, max-age=0, no-cache
    link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
    replay-nonce: 0103JavmhrY3m8gW2_JGxaqqoQAeGsWQH1TH-2wfO6E7l_Y

{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Unable to update challenge :: authorization must be pending”,
“status”: 400
}

==[Abort Step 5]==
=> Wrong status

10

What dns server are you using

11

I use the ovh ones. I have been able to create other SSL from other domains and subdomains that I have in this panel of hestiacp, it only happens with the mail that is mail.xxxxx.com and from what I have seen, it is due to the fact that I have passed the creation limit for that domain of mail.xxxx.com and I don’t know how to revoke those certificates

12

Does webmail.domain.com exists?

13

yes and when doing a ping the correct ip responds

14

yes and when doing a ping the correct ip responds I think the problem is that I cannot revoke the certificates that letencrypt has previously registered.

I should be able to do this but I don’t have the certificate;

certbot revoke --cert-path /etc/letsencrypt/archive/$íritu

How could I do it from hestiacp?

15

other log:

2020-11-28 18:20:04 v-list-dns-records ‘savall’ ‘mail.xxxx.com’ [Error 3]
2020-11-28 18:20:04 v-add-letsencrypt-domain ‘savall’ ‘xxxx.com’ ’ ’ ‘yes’ [Error 15]

17

I don’t know what I have done but it has worked, issue solved

What I have done is suspend the domain of the mail and when I reactivate and test again now the SSL has been set

Thanks for your support!