Error: Let's Encrypt validation status 400 - Web Server mis-configuration?

Hey, I am installing a fresh instance of HestiaCP on Ubuntu 24.04 LTS using the following flags.

sudo bash hst-install.sh --apache no --phpfpm yes --multiphp yes --vsftpd no --proftpd yes --named yes --mysql yes --mysql-classic no --postgresql no --exim no --dovecot no --sieve no --clamav no --spamassassin no --iptables yes --fail2ban yes --quota no --api yes --interactive yes --with-debs no  --port '8083' --hostname 'server.hostname.tld' --email '[email protected]' --password 'protected' --lang 'en'  --force 

Hestia installs as expected, and the hostname also gets a Let’s Encrypt certificate as expected. However, once I log in to admin, create a user account, and create a domain hostname.tld on the user account, I simply cannot get it to issue a Let’s Encrypt certificate. I kept getting this error:

Error: Let's Encrypt validation status 400 (hostname.tld). Details: 403:"123:123:123:123: Invalid response from http://hostname.tld/.well-known/acme-challenge/L8i-C1tbHZfmqIGJTGHsbDhN11askQgGou0PvHqMfeA: 404"

Upon inspecting, I found what I believed to be the root issue. i.e., domain redirection is not working as expected.

I tried putting an index.html file on hostname.tld/public_html; however, I still receive the standard demo page. I even tried installing WordPress through the installer, no luck. When I put something that should be in a directory, for example http://hostname.tld/demo.html or http://hostname.tld/.well-known/*, I get the default “page not found” template. The domain root is stuck on the default success page. The nginx error.log page is empty.

Here’s the nginx conf of the exact site obtained from /home/user/conf/web/{domain}/nginx.conf

#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
        listen      10.108.0.3:80;
        server_name hostname.tld www.hostname.tld;
        root        /home/{user}/web/{domain}/public_html;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/{domain}.log combined;
        access_log  /var/log/nginx/domains/{domain}.bytes bytes;
        error_log   /var/log/nginx/domains/{domain}.error.log error;

        include /home/{user}/conf/web/{domain}/nginx.forcessl.conf*;

        location ~ /\.(?!well-known\/) {
                deny all;
                return 404;
        }

        location / {
                location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
                        expires max;
                        fastcgi_hide_header "Set-Cookie";
                }

                location ~ [^/]\.php(/|$) {
                        try_files $uri =404;

                        include /etc/nginx/fastcgi_params;

                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                        fastcgi_pass unix:/run/php/php8.3-fpm-y-knotinc.org.sock;

                        include /home/{user}/conf/web/{domain}/nginx.fastcgi_cache.conf*;
                }
        }

        location /error/ {
                alias /home/{user}/web/{domain}/document_errors/;
        }

        location /vstats/ {
                alias   /home/{user}/web/{domain}/stats/;
                include /home/{user}/web/{domain}/stats/auth.conf*;
        }

        include /etc/nginx/conf.d/phpmyadmin.inc*;
        include /etc/nginx/conf.d/phppgadmin.inc*;
        include /home/{user}/conf/web/{domain}/nginx.conf_*;
}

Here’s the /home/user/conf/web/{domain}/nginx.conf_letsencrypt:

location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.Dxu6o92koj5myii4Hmm5WiaG8t4nOvdX5PJE4eEIP3o";
}

I believed this was an issue with nginx and installed the Apache version of Hestia, but again, I am stuck on the same problem. I tried provisioning a completely different VPS and domain; I still walk around to the same problem.

Any help on this matter will be helpful.

Hi @Ritzz

Show the output of this command:

tail /etc/nginx/nginx.conf

I’d need to access the server to take a look. I’ll write a private message.

Just for the record.

OP was using a private IP instead of the right public IP. Once changed it worked fine again.


Yup, it was an extremely silly error. I’ve totally not spent 18 hours debugging this while doubting every atom in my body. Nope, I have no idea how that feels like…
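Added example, not part of the thread or of HestiaCP: nginx picks a server block by the address the request arrives on before it looks at server_name, so a vhost bound to the wrong local IP never serves the ACME challenge location. The sketch below compares a vhost's `listen` address with the address HTTP-01 traffic should reach; the function names, the `nat_map` parameter and the 203.0.113.10 A record are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, checked explicitly because ipaddress.is_private also
# covers documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches `listen <ipv4>[:port]`; wildcard listens such as `listen 80;` are skipped.
LISTEN_RE = re.compile(r"^\s*listen\s+(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?", re.M)

def listen_addresses(conf_text):
    """Return (ip, port) for every explicit IPv4 `listen` directive."""
    return [(ipaddress.ip_address(ip), int(port or 80))
            for ip, port in LISTEN_RE.findall(conf_text)]

def diagnose(conf_text, dns_a, nat_map=None):
    """Compare port-80 listen addresses with where HTTP-01 requests land.

    dns_a is the address of the domain's public A record; nat_map is
    {public_ip: local_ip} when the host sits behind 1:1 NAT.
    Returns a list of (status, listen_ip) tuples.
    """
    expected = ipaddress.ip_address((nat_map or {}).get(dns_a, dns_a))
    findings = []
    for ip, port in listen_addresses(conf_text):
        if port != 80:
            continue  # HTTP-01 validation always starts on port 80
        if ip == expected:
            status = "ok"
        elif any(ip in net for net in RFC1918):
            status = "private-mismatch"
        else:
            status = "mismatch"
        findings.append((status, str(ip)))
    return findings

# Constructed sample: listen line as posted above, A record from a documentation range.
SAMPLE_CONF = """
server {
    listen      10.108.0.3:80;
    server_name hostname.tld www.hostname.tld;
}
"""

if __name__ == "__main__":
    for status, ip in diagnose(SAMPLE_CONF, "203.0.113.10"):
        print(f"{status}: vhost listens on {ip}")
```

A `private-mismatch` result is expected only when no NAT mapping exists for the public address; pass the mapping in `nat_map` when the private listen address is intentional.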
