Hestia 1.7.3 SSL Let's encrypt Wrong status

When I try to get the certificate “Let’s encrypt” I get an error.
I am using cloudflare.Proxy and SSL/TLS encryption mode is disabled.I use nginx + php-fpm as a web server(). Hestia Control Panel v1.7.3 Ubuntu 22.04.2 LTS Here is what I found in the logs.


nginx: configuration file /etc/nginx/nginx.conf test is successful

Let’s Debug :

Test result for my-domain.com using http-01
All OK!
==[Debug information Step 5]==
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "2606:4700:3033::6815:103f: Fetching https://my-domain.com/: Redirect loop detected",
    "status": 400

  "validated": "2023-04-28T09:13:58Z"

==[Abort Step 5]==
=> Wrong status

What happens is your move the ipv6?

1 Like



redirects to


1 Like

I have disabled support ipv6 on server (in DigitalOcean Droplet).

I’m not sure, but it seems that the cloudflare error was displayed.

This may be due to the non-switchable setting?

That’s right. This is my domain.

You need to update Cloudflare to disable ipv6

You should also “disable” the domain redirect for now and then try to request an ssl…

Thanks for the help. I delved into the topic and learned a lot about certificates. The problem was the error related to incorrectly specified dns for www.

You cannot disable IPv6 when using the Cloudflare proxy. Traffic from Cloudflare to the origin server will (surprisingly) always prefer IPv4 when both an A and AAAA record have been created in Cloudflare DNS. Since Hestia CP does not currently support IPv6, there is no reason to add a AAAA record to Cloudflare DNS. When proxied, a AAAA record will still be published, but traffic to the origin will use IPv4.

This is the secret. When using ACME HTTP-01 challenges, it is important to configure Cloudflare to not interfere with the challenge. I exclude the .well-known/acme-challenge path from HTTPS and caching. I really need to author a comprehensive guide that I can just link to.

1 Like

acme supports ipv6 what is the issue here ?

Hestia doesn’t support ipv6 on default…

Still working on it…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.