HestiaCP Let's Encrpt validation status 400 error

sugumaran · June 17, 2023, 4:31am

Error: Let’s Encrypt validation status 400 (qwerty.xyz). Details: 403:“38.60.204.232: Invalid response from http://qwerty.xyz/.well-known/acme-challenge/vg4VJZqMxFc6SBlIkhpRRfDQJMk5_lKGZN0wSWjHApU: 404”

I get this error when trying to create a new web domain in HestiaCP on LightNode.com VPS running Ubuntu 22.04 LTS.

Is there a bug in HestiaCP ? If I use VestaCP, then I get no error.

eris · June 17, 2023, 5:33am

What do you see if you open:

http://qwerty.xyz/.well-known/acme-challenge/vg4VJZqMxFc6SBlIkhpRRfDQJMk5_lKGZN0wSWjHApU:

In your browser with the correct domain name?

sugumaran · June 17, 2023, 2:19pm

When I open that link:
http://qwerty.xyz/.well-known/acme-challenge/vg4VJZqMxFc6SBlIkhpRRfDQJMk5_lKGZN0wSWjHApU:
I get NOT FOUND.

When I open the root website:
http://qwerty.xyz, I get “Success. Your new webserver is ready to use”

The DNS is up and working.

I am using two LightNode.com Moscow VPSes one Debian 11 and one Ubuntu 22.04 LTS. Its seems only the web and mail (particularly webmail) is not working, while DNS works smoothly.

Raphael · June 17, 2023, 3:47pm

this means your domain doesnt load properly, this is the default page when you directly visit the ip address or any unassigned domain.

If your domain works with http, you will probaly also be able to generate a lets encrypt cert for it.

sugumaran · June 19, 2023, 8:00am

UPDATE: The problem solved. I was on a paid HestiaCP IRC chat and HestiaCP support consultant Robert Spencer helped solve my problem. Thank you Robert! This problem happens if there are two IPs, one private and one public. The strange part is both IPv4 addresses are 38.60.204.232 and 38.60.204.232. If I chose the first “38.60.204.232”, I get this error, but if I chose the second “38.60.204.232” there is no error and website on http:// works fine and Let’s Encrypt SSL is enabled.

I hope others who have this problem when using HestiaCP on a LightNode.com VPS will find this useful.

Have a nice day.

eris · June 19, 2023, 8:10am

We don’t offer any support via. IRC and Robert Spencer is unknown to us…

But the system has by default 2 ip address an internal ip (with nat Ip set to it for the external ip) and the public ip. I might need to resolve the issue

system · July 19, 2023, 8:10am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.