How to remove hosts SSL and create a new one?

andrewnewby · October 21, 2024, 7:13am

Hi,

I had all the SSL working with LE, but for some reason the renewal is failing. Looking into it, I see:

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/419123907137/Lx70IA",
  "status": "invalid",
  "validated": "2024-10-21T06:50:41Z",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "The key authorization file from the server did not match this challenge. Expected \"Malb7OMedAs90ayqli_R4jRAk0W9oNR00RMuhCKI8aQ.-eunmf9KO9hTdhy2hedi175AsR0SxqGUWnTRIV8Sab0\" (got \"Malb7OMedAs90ayqli_R4jRAk0W9oNR00RMuhCKI8aQ.g35MTroJUk3Nf2Ynl-YCtqDvQ0Xaxw5ersKzDxCKSoU\")",
    "status": 403
  },
  "token": "Malb7OMedAs90ayqli_R4jRAk0W9oNR00RMuhCKI8aQ",
  "validationRecord": [
    {
      "url": "http://map.newbyhost.com/.well-known/acme-challenge/Malb7OMedAs90ayqli_R4jRAk0W9oNR00RMuhCKI8aQ",
      "hostname": "map.newbyhost.com",
      "port": "80",
      "addressesResolved": [
        "172.233.115.74",
        "2a01:7e02::f03c:94ff:feb7:a563"
      ],
      "addressUsed": "2a01:7e02::f03c:94ff:feb7:a563"
    },
    {
      "url": "https://map.newbyhost.com/.well-known/acme-challenge/Malb7OMedAs90ayqli_R4jRAk0W9oNR00RMuhCKI8aQ",
      "hostname": "map.newbyhost.com",
      "port": "443",
      "addressesResolved": [
        "172.233.115.74",
        "2a01:7e02::f03c:94ff:feb7:a563"
      ],
      "addressUsed": "2a01:7e02::f03c:94ff:feb7:a563"
    },
    {
      "url": "https://mapguider.com/.well-known/acme-challenge/Malb7OMedAs90ayqli_R4jRAk0W9oNR00RMuhCKI8aQ",
      "hostname": "mapguider.com",
      "port": "443",
      "addressesResolved": [
        "172.233.115.74",
        "2a01:7e02::f03c:94ff:feb7:a563"
      ],
      "addressUsed": "2a01:7e02::f03c:94ff:feb7:a563"
    }
  ]
}

I’m a bit confused as to why it has the wrong code. How do I remove the host SSL, and then re-issue a new one? I added it originally with v-add-letsencrypt-host , but I don’t see a reverse of that? (i.e remove the SSL from the host)

Thanks!

Andy

Raphael · October 21, 2024, 7:54am

disable ipv6.

andrewnewby · October 21, 2024, 8:06am

? We need IPv6 - otherwise lots of people can’t access our sites. Or are you saying disable ipv6 to reset the host SSL? (not sure how that would work)

eris · October 21, 2024, 8:14am

Hestia doesn’t currently support ipv6

And it doesn’t work:

So solve that first or just remove it.

andrewnewby · October 21, 2024, 8:31am

Hi,

Eugh, I got it! I needed to run my “fix templates” script, which adds in the ipv6 listener. The other tempaltes had it, but not the admin one for some reason.


    listen      172.233.115.74:80;
    listen      [::]:80;
	server_name mapguider.com www.mapguider.com autoconfig.mapguider.com autodiscover.mapguider.com;
	error_log   /var/log/apache2/domains/mapguider.com.error.log error;

Now it works

Cheers

Andy

system · November 20, 2024, 8:32am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.