Hestia 1.7.2 SSL Letsencrypt error on ubuntu aws ec2

ovais · April 14, 2023, 12:43am

Hi, I have managed to install Hestia 1.7.2 successfully on ubuntu aws ec2, however, I am facing challenges to acquire SSL from Letsencrypt.
The attached screenshot shows well known acme challenge failure error.
I am facing the error both on control panel subdomain as well as the newly setup main domain.

I have another question:

Is there any limitation to number of certs for subdomains one can acquire from Letsencrypt?
And can we acquire one certs for main domain and reuse it for all subdomain?

Screenshot_20230414_060502_Chrome1080×1104 108 KB

eris · April 14, 2023, 5:42am

Yes 500 in a week

Yes if you get a wild card and use *.domain.com as alias + DNS from Hestia

But the error has nothing to do with any limits.

Follow the link in the error message and it should show a string if not there is some other things wrong…

ovais · April 19, 2023, 10:24am

Hi @eris, Thanks for your prompt response.
Unfortunately, I could not try this earlier to respond back to you.

I checked today and have two observations:

My site <Domain.com> is returning the Server default “Success!
Your new web server is ready to use.
” and not the Hestia default page with content as “
This site is currently under construction.

Please check back soon.
”
[email protected]:/home//web/<Domain.com>/public_html - I don’t see a .<.well-known> folder as expected by Letsencrypt http://www.domain.com/**.well-known**/acme-challenge/ak12TZ0oZDfeEx7P3jitPo6mSslQ3p0Ha6-FlD3yyyk: 404"

Please can you advise further

ovais · April 19, 2023, 10:40am

It seems my issue is related to Do not load website from public_html - #20 by erwin

Does it matter with which user we install the hestia panel?

Default user on my AWS is not root.

eris · April 19, 2023, 10:45am

Do you have multiple ips assigned to the server?

ovais · April 19, 2023, 10:48am

No just one IP, however, I see the same IP twice on GUI dropdown. I have just one domain and one sub-domain for the panel.

eris · April 19, 2023, 11:02am

Can you run v-list-sys-ips

ovais · April 19, 2023, 11:05am

[email protected]:/usr/local/hestia/data/templates/web/skel/public_html# cd $HESTIA/bin
[email protected]:/usr/local/hestia/bin# v-list-sys-ips
IP MASK NAT STATUS WEB DATE

172.31.33.203 255.255.240.0 shared 3 2023-04-13
172.31.39.79 255.255.240.0 shared 0 2023-04-13
[email protected]:/usr/local/hestia/bin#

ovais · April 19, 2023, 11:11am

172.31.33.203 - I have just unassigned this IP from the AWS EC2 config and rebooted the AWS instance.
Then I rebuild web domain as
172.31.33.203 → PUBLIC_IP

255.255.240.0

eth0

shared

3

admin

Now, on Hestia Panel under Network, I still see two local IPs pointing to same public IP. Unfortunately, I am unable to delete the one I could manage to delete from AWS EC2. Reason being 3 domains hosted on this local IP

eris · April 19, 2023, 11:18am

v-rebuild-web-domain user domain

To make sure it updates…

And then try again

ovais · April 19, 2023, 11:29am

172.31.33.203 - I have just unassigned this IP from the AWS EC2 config and rebooted the AWS instance.
Then I rebuild web domain as v-rebuild-web-domain user domain
172.31.33.203 → PUBLIC_IP

255.255.240.0

eth0

shared

3

admin

Now, on Hestia Panel under Network, I still see two local IPs pointing to same public IP. Unfortunately, I am unable to delete the one I could manage to delete from AWS EC2. Reason being 3 domains hosted on this local IP

ovais · April 19, 2023, 11:42am

I manage to move two domains to the correct local IP.
Don’t know which one is the third domain as I have only two domains hosted.

I had transferred the ownership of HOST panel domain from default admin to a NEW USER created by me on HESTIA, is that stale record exists on the panel?

HOW is the data written in this file? Is it okay if I set it manually to Zero and attempt to delete the ips?
[email protected]:/usr/local/hestia/data/ips# cat 172.31.33.203
OWNER=‘admin’
STATUS=‘shared’
NAME=‘’
U_SYS_USERS=‘admin’
U_WEB_DOMAINS=‘1’
INTERFACE=‘eth0’
NETMASK=‘255.255.240.0’
NAT=PUBLIC_IP
TIME=‘23:08:34’
DATE=‘2023-04-13’

eris · April 19, 2023, 11:53am

Yes that is fine

ovais · April 19, 2023, 12:43pm

Manage to progress further. But a new error now .

I have also added *.domain.com as an alias on HESTIA domain field (www.domain.com was another alias I added earlier)
and have also a *.domain.com as an A and CNAME record on HESTIA DNS (with just A record it did not work, so I tried to create CNAME record as well) but still it does not work.
I have created a *.domain.com A type record with Domain registrar (I was getting a DNS record does not exist for *.domian.com) until I added this record.

New error is:
“Error: Let's Encrypt new auth status 400 (domain.com)”

eris · April 19, 2023, 12:46pm

You can’t use wildcards if you use your providers name server. You need to be using DNS provided by Hestia and the name servers should point to your Hestia server

ovais · April 22, 2023, 6:57pm

I faced another error after fixing the DNS at domain provider to personal domain NS records and created A records at HESTIA for the NS subdomains.
This resolved the original error. However, I got auth status 400 error with Letsencrypt after this which got resolved after running the vlets*domain and v-letshost commands both for all domains and Hestia panel server subdomain.
Thank you so much for all help @eris.

system · May 22, 2023, 6:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.