Hi folk,
Having an issue when generating SSL with Let’s Encrypt
I have tried to use;
A: the normal tick box inside of web ui
B: the CLI v-add-letsencrypt-domain
C: I’ve also tried flushing DNS
D: I’ve also double checked my dns is pointing to the correct ip
While it is working for this website,
Website 01 it will not allow me to add it to other subdomains.
and now i’m fresh out of ideas, would appreciate a hand
Hi @JustSomeBritishGuy,
Show the output of this command:
curl --user-agent "HestiaCP" -s -I "https://acme-v02.api.letsencrypt.org/directory"
This is the response i am getting, suggests some network issue.
Yes, you server can’t resolve the domain.
Check if you can resolve other domains:
dig debian.org +short
dig letsencrypt.org +short
dig acme-v02.api.letsencrypt.org +nocmd
Only Received a response from acme

edit
i corrected debian.org but no response
Yes, your dns resolver (127.0.0.53) is not working so you should try to debug and fix it.
I suppose you are using systemd-resolved so first check the service status:
systemctl status systemd-resolved
I am using a DDNS do you think this could be an issue?
edit
Though the site should be not running through it
It shouldn’t be an issue.
Show the output of these commands:
dig @76.76.2.0 debian.org +short
dig @76.76.2.0 debian.org +short +tcp
dig debian.org +trace +nocmd +nodo
dig debian.org +trace +nocmd +nodo +tcp
Ok, the problem seems the dns servers used by systemd-resolved:
ls -l /etc/resolv.conf
cat /etc/resolv.conf
resolvectl status
cat /etc/systemd/resolved.conf
edit
I originally had DNS as automatic however it also was not working,
so I had switched to 8.8.8.8/1.1.1.1
You missed the s
in command resolvectl status
How did you do that change?
Try this as root:
sudo mkdir -p /etc/systemd/resolved.conf.d
echo -e '[Resolve]\nDNS=76.76.2.0 76.76.10.0' | sudo tee /etc/systemd/resolved.conf.d/custom-dns.conf
sudo systemctl restart systemd-resolved
dig debian.org +short
Edit to fix echo command.
(Quite new to linux i have sudo perm but still not working)
Sorry, my bad, I didn’t check that I was writing a redirect using sudo, use this:
echo -e '[Resolve]\nDNS=76.76.2.0 76.76.10.0' | sudo tee /etc/systemd/resolved.conf.d/custom-dns.conf
1 Like
That looks good 
Now, if this command works, you could try to get your certificates:
curl --user-agent "HestiaCP" -s -I "https://acme-v02.api.letsencrypt.org/directory"