Error: Let's Encrypt nonce request status in hestia 1.2.3

I get an “Error: Let’s Encrypt nonce request status” in hestia 1.2.3 / ubuntu 20.04 with checkbox Lets Encrypt support. I saw old threads about this problem but those solutions don’t help.
2020-09-08 08:28:10 v-add-letsencrypt-domain … [Error 15]
Webserver nginx (default) + apache (default) + php-fpm (php 7_4). apt update && apt upgrade done. Сan anyone help?

Do you have nginx and apache run at the same time? That could pose a problem for cert-bot. If you have apache on 80 and nginx on 8080 for example, try to turn off nginx and then update your certificate.
Also, since Im new to Hestia and not sure how certbot works in this panel, if above fails you could turn off both webservers (if not mistaken cert-bot has its own webserver for cert update). Just make sure port 80 is open to the internet.

We don’t use cert bot…

Check for the source code


Are you using Hestia DNS? If so can you check if it is working propperly

1 Like

yes i use Hestia DNS. I didn’t really understand how to check it. Websites work. Let’s Encrypt error.
I manually received the certificate and entered it into the panel and everything works. But I would like an automatic renewal…

How do you mean manually? Can you be more specific? received and copied to the panel.

systemctl status bind9

Is always a good start

Ok, this does not seem like a good way to get a cert.
And the info about the error is quite obscure. … [Error 15]
There are few resons why renewal could fail: webserver, wirewall or dns. Fast DNS check could be obtained on

● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-09-08 07:50:01 MSK; 4h 29min ago
Docs: man:named(8)
Process: 21414 ExecReload=/usr/sbin/rndc reload (code=exited, status=0/SUCCESS)
Main PID: 1449 (named)
Tasks: 98 (limit: 154406)
Memory: 747.2M
CGroup: /system.slice/named.service
└─1449 /usr/sbin/named -f -u bind

Sep 08 12:18:24 … named[1449]: client @0x7fc030332640 zone transfer …/AXFR/IN’ denied