Error: Let's Encrypt validation status 400

The following problem arises when adding SSL to the HestiaCP hostname.

I added a new domain to the hostname and it has the same problem

root@myvps:~# v-add-letsencrypt-host
Error: Let’s Encrypt validation status 400 (cp.mydomain.com). Details: Unable to update challenge :: authorization must be pending
Error: Let’s Encrypt SSL creation failed

My DNS is working properly. I checked it thoroughly.

What could this be?

mydomain.com is not mine. I edited it and posted it here

I installed it on Debian 10
VPS is OVH

Check the logs in /var/log/hestia/

A 400 error could mean anything.

This was in the LE-admin file.
What could be the problem?

=============================
Date Time: 2021-07-14 18:38:53
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: admin
domain: myvps.domain.com


- aliases: 
- proto: http-01
- wildcard: 


==[Step 1]==
- status: 200
- nonce: 0001aj5rAECy1S-cuEss4DUoJsJgE0Kh9jmVEzxZFjXLAYE
- answer: HTTP/2 200 
server: nginx
date: Wed, 14 Jul 2021 18:38:56 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: 0001aj5rAECy1S-cuEss4DUoJsJgE0Kh9jmVEzxZFjXLAYE
x-frame-options: DENY
strict-transport-security: max-age=604800



==[API call]==
exit status: 0


==[Step 2]==
- status: 201
- nonce: 0002SK99Kgtkzk2VlAdFqHFvbrstGxrLmmcUEJbNDKuELHk
- authz: https://acme-v02.api.letsencrypt.org/acme/authz-v3/14813129557
- finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/130587731/11076083568
- payload: {"identifiers":[{"type":"dns","value":"myvps.domain.com"}]}
- answer: HTTP/2 201 
server: nginx
date: Wed, 14 Jul 2021 18:38:57 GMT
content-type: application/json
content-length: 337
boulder-requester: 130587731
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/130587731/11076083568
replay-nonce: 0002SK99Kgtkzk2VlAdFqHFvbrstGxrLmmcUEJbNDKuELHk
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "status": "pending",
  "expires": "2021-07-21T18:38:57Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "myvps.domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14813129557"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/130587731/11076083568"
}


==[API call]==
exit status: 0


==[Step 3]==
- status: 200
- nonce: 0002fo03nLs2lxzckX7ErcTJ7kLf67xk3RoiPxXd5eMs32I
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813129557/xw7kGw
- token: V4nPgrUohgvNTdslooAqWD14L_fs26Wu0d3qtDY6wHk
- answer: HTTP/2 200 
server: nginx
date: Wed, 14 Jul 2021 18:38:58 GMT
content-type: application/json
content-length: 795
boulder-requester: 130587731
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002fo03nLs2lxzckX7ErcTJ7kLf67xk3RoiPxXd5eMs32I
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "myvps.domain.com"
  },
  "status": "pending",
  "expires": "2021-07-21T18:38:57Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813129557/xw7kGw",
      "token": "V4nPgrUohgvNTdslooAqWD14L_fs26Wu0d3qtDY6wHk"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813129557/qXgLhw",
      "token": "V4nPgrUohgvNTdslooAqWD14L_fs26Wu0d3qtDY6wHk"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813129557/Q9wZ6g",
      "token": "V4nPgrUohgvNTdslooAqWD14L_fs26Wu0d3qtDY6wHk"
    }
  ]
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 200
- nonce: 00016wsBXYk8RALWTM9p1W_-GUXgyYGKCG-zOmqI6uCgYuE
- validation: pending
- details: 
- answer: HTTP/2 200 
server: nginx
date: Wed, 14 Jul 2021 18:39:04 GMT
content-type: application/json
content-length: 186
boulder-requester: 130587731
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/14813129557>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813129557/xw7kGw
replay-nonce: 00016wsBXYk8RALWTM9p1W_-GUXgyYGKCG-zOmqI6uCgYuE
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813129557/xw7kGw",
  "token": "V4nPgrUohgvNTdslooAqWD14L_fs26Wu0d3qtDY6wHk"
}



=============================
Date Time: 2021-07-14 18:39:06
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: admin
domain: myvps.domain.com


- aliases: 
- proto: http-01
- wildcard: 


==[Step 1]==
- status: 200
- nonce: 0002CnegVhOa6gKFcCvbsZPKlwDHrD3J7PPBDIqbHFHVQM0
- answer: HTTP/2 200 
server: nginx
date: Wed, 14 Jul 2021 18:39:07 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: 0002CnegVhOa6gKFcCvbsZPKlwDHrD3J7PPBDIqbHFHVQM0
x-frame-options: DENY
strict-transport-security: max-age=604800



==[API call]==
exit status: 0


==[Step 2]==
- status: 201
- nonce: 0001s018rK2pNAflU1tj4Gl07t6o4klzJR1kVMWEG8Gs6zE
- authz: https://acme-v02.api.letsencrypt.org/acme/authz-v3/14813134247
- finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/130587731/11076087761
- payload: {"identifiers":[{"type":"dns","value":"myvps.domain.com"}]}
- answer: HTTP/2 201 
server: nginx
date: Wed, 14 Jul 2021 18:39:08 GMT
content-type: application/json
content-length: 337
boulder-requester: 130587731
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/130587731/11076087761
replay-nonce: 0001s018rK2pNAflU1tj4Gl07t6o4klzJR1kVMWEG8Gs6zE
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "status": "pending",
  "expires": "2021-07-21T18:39:07Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "myvps.domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14813134247"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/130587731/11076087761"
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 400
- nonce: 0101c4vZ2y2Dpmqk3OuBRscbN-SUrMjlMl2WVVRi6d49dhs
- validation: 
- details: Unable to update challenge :: authorization must be pending
- answer: HTTP/2 400 
server: nginx
date: Wed, 14 Jul 2021 18:39:10 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 130587731
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0101c4vZ2y2Dpmqk3OuBRscbN-SUrMjlMl2WVVRi6d49dhs

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}


==[Abort Step 5]==
=> Wrong status


==[API call]==
exit status: 0


==[Step 3]==
- status: 200
- nonce: 0102LzyASsjh6cAWRPMN421W9KykU9uQKhSgwYg2RqjWn1s
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813134247/dWkaQA
- token: Nd2fgy256wJMIs21ReDWmkb2Wkl39lXoY7Rar9VE-QQ
- answer: HTTP/2 200 
server: nginx
date: Wed, 14 Jul 2021 18:39:11 GMT
content-type: application/json
content-length: 795
boulder-requester: 130587731
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0102LzyASsjh6cAWRPMN421W9KykU9uQKhSgwYg2RqjWn1s
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "myvps.domain.com"
  },
  "status": "pending",
  "expires": "2021-07-21T18:39:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813134247/dWkaQA",
      "token": "Nd2fgy256wJMIs21ReDWmkb2Wkl39lXoY7Rar9VE-QQ"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813134247/EoBDnQ",
      "token": "Nd2fgy256wJMIs21ReDWmkb2Wkl39lXoY7Rar9VE-QQ"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813134247/gJgZSA",
      "token": "Nd2fgy256wJMIs21ReDWmkb2Wkl39lXoY7Rar9VE-QQ"
    }
  ]
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 200
- nonce: 0102HZCkjo_-qpa21knv2XyvcCDv0XugZB4lE_r02hM2jpE
- validation: pending
- details: 
- answer: HTTP/2 200 
server: nginx
date: Wed, 14 Jul 2021 18:39:17 GMT
content-type: application/json
content-length: 186
boulder-requester: 130587731
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/14813134247>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813134247/dWkaQA
replay-nonce: 0102HZCkjo_-qpa21knv2XyvcCDv0XugZB4lE_r02hM2jpE
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14813134247/dWkaQA",
  "token": "Nd2fgy256wJMIs21ReDWmkb2Wkl39lXoY7Rar9VE-QQ"
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 400
- nonce: 0102a5fY8iH29BPCVXtufiuRTszlB_8ty9t-CShp6zJ0BI0
- validation: 
- details: Unable to update challenge :: authorization must be pending
- answer: HTTP/2 400 
server: nginx
date: Wed, 14 Jul 2021 18:39:23 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 130587731
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0102a5fY8iH29BPCVXtufiuRTszlB_8ty9t-CShp6zJ0BI0

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}


==[Abort Step 5]==
=> Wrong status
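
For working through a log like the one posted above, this added example (not part of the thread and not HestiaCP code) splits the log into runs and lists every step that returned an HTTP error, together with the ACME problem type and that run's authorization URL. The embedded sample is constructed in the same layout with placeholder values, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of the LE log above; all values are placeholders.
SAMPLE_LOG = """\
=============================
Date Time: 2021-07-14 18:38:53
==[Step 2]==
- status: 201
- authz: https://acme.example/authz/1
==[Step 5]==
- status: 200
=============================
Date Time: 2021-07-14 18:39:06
==[Step 2]==
- status: 201
- authz: https://acme.example/authz/2
==[Step 5]==
- status: 400
- details: Unable to update challenge :: authorization must be pending
{
  "type": "urn:ietf:params:acme:error:malformed"
}
"""

def parse_runs(text):
    """Split the log into runs (one per '=====' banner) and numbered steps; 'error' is the ACME problem type, if any."""
    runs = []
    for chunk in re.split(r"^={10,}\s*$", text, flags=re.M):
        when = re.search(r"^Date Time: (.+)$", chunk, re.M)
        if not when:
            continue  # text before the first banner
        authz = re.search(r"^- authz: (\S+)", chunk, re.M)
        parts = re.split(r"^==\[Step (\d+)\]==\s*$", chunk, flags=re.M)
        steps = []
        for num, body in zip(parts[1::2], parts[2::2]):
            status = re.search(r"^- status: (\d+)", body, re.M)
            details = re.search(r"^- details: ?(.*)$", body, re.M)
            err = re.search(r'"type": "(urn:ietf:params:acme:error:[^"]+)"', body)
            steps.append({"step": int(num), "error": err.group(1) if err else None,
                          "status": int(status.group(1)) if status else None,
                          "details": details.group(1).strip() if details else ""})
        runs.append({"when": when.group(1).strip(),
                     "authz": authz.group(1) if authz else None, "steps": steps})
    return runs

def failures(runs):
    """Return (time, authz, step, status, details, error) for every step with HTTP >= 400."""
    return [(r["when"], r["authz"], s["step"], s["status"], s["details"], s["error"])
            for r in runs for s in r["steps"] if (s["status"] or 0) >= 400]
```

To use it on a real file, pass the contents of the log under /var/log/hestia/ to `parse_runs` and print the result of `failures`.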


If you follow this link, you will see it shows a 403 on your hostname. Any systems like Cloudflare?

Yes, I use Cloudflare

I used Cloudflare earlier and enabled SSL for the hostname. This problem came up today.

I turned off Cloudflare Proxy and tried to enable SSL

Also I do not put a proxy in the hostname

@eris

I also tested this through a domain that does not have Cloudflare and the problem persists

This problem exists not only for the hostname but also for all domains in the HestiaCP panel.

I installed and tested VestaCP.
It works well with SSL.

This issue arose after the latest update


Found a bug in v-restart-service


OK, will that issue be fixed in the next update?