I am still having all kinds of issues with SSL not working

I am still having all kinds of issues with SSL not working. I have been testing Hestia for a few days now. I have installed 3 domains and 20 different websites.
When I Enable SSL for this domain / Use Lets Encrypt to obtain SSL certificate, it fails every time on all the domains, with an error 15 or several different 400 errors. However, when I add to the host it works fine.

Yesterday it did work once on one of my domains, but in testing today I tried the same thing again and it failed again. I just wanted to tell you about the issues I am having. I have been doing IT for 30 years so I have some experience at these things.

According to https://github.com/hestiacp/hestiacp/issues/1380 it looks like you’ve a bit of a weird installation - what is your Hestia version? If you write since a few days, you should be on 1.3.0; according to your issue, it looks like you’re on a much older version.

perhaps the DNS A records; if you use Cloudflare make sure you don't use the proxy, or use DNS only
sometimes when i am adding a domain and apply ssl i get a problem because the domain is not resolved yet,
wait for a few mins while you break for an americano or espresso, then try it again. for me, after i took a break and tried, the ssl worked seamlessly. and i am not quite long in IT, perhaps only a few years back for sure. after testing several control panels besides virtualmin (ups so sorry @Raphael :pray::pray::pray:)
i am falling in love with hestia (i tried vesta and myvesta already :grin:)
for sure hestia can handle all my apps well, even on a low end vps :v:

1 Like

A record is at GoDaddy and all is good. And this has been for the 2 days that I have been trying Hestia out.

And FYI, on Vesta the SSL works every time on the same domain, same everything.

The SSL for the Hestia host goes through on the first try every time.

We know the current v-add-letsencrypt-domain isn’t perfect. We will try to improve it in the future.

Make sure DNS is pointing correctly. If there are any problems with it please check https://dnschecker.org if DNS is working and pointing to the right IP.

If it still doesn’t work try systemctl restart nginx to check if you are able to restart nginx. Sometimes there can be an issue in the config that is not noticed.

Also please don’t use Github for questions. We are trying to keep everything separate and Github manageable with only bug reports. Support is available via Discord and / or this forum.

DNS is good.

I have redone all 3 times. New server, new Hestia, new domain, same issue every time.

John

"Doesn’t work": we can’t do a lot with it. If you want to have support please put some effort in.

400 = Could be multiple things

1. Nginx isn’t restarting / reloading with new config. systemctl restart nginx
2. There is an issue with a DNS, Alias etc…
3. Some systems like Cloudflare can cause issues.
4. And many more

429 = Rate limit Lets encrypt
We can’t do a lot with that.

I am not able to log on to your server from here and see what the issue is.

You can also try to

echo "$answer" >> "/var/log/hestia/LE-${user}-${domain}.log"

on line

And check the contents of /var/log/hestia/LE-${user}-${domain}.log

1 Like

you are not reading my replies.

Eris gave you a number of steps to try. Please give them a try and report your findings.

3 Likes

Hey @johnzapf, you could check what the nginx log is saying. watch out for the .well-known being requested.

in general we can only support you, if you are more informative about what’s going on. as others pointed out ‘does not work’ or just the general letsencrypt error codes won’t help much. only you can dig into the logfiles on your system properly, which I am sure you know how to do and where to find them :wink:

if the difference appears to lie between issuing the request via GUI vs CLI then I strongly assume there is something different f.i. in the aliases listed. maybe you have an old/orphaned/forgotten alias under your domain settings, that does not point correctly to the server and while you request via cli you don’t list that?

without knowing which command and options for that you used, it’s probably getting difficult to narrow it down any further anyway…

I totally understand.

As far as the nginx log I don’t see where to find that. Like I have said before I have been a Windows Admin, IT etc… for 29 years and all my websites have been on IIS. I just started learning Linux a few weeks ago.

My DNS is set to the right IP at GoDaddy and my NAT is right in my SonicWALL. Like I said, all works perfectly in Vesta with this same setup and domain. Just let me know what info I can supply and I will get it.

Thanks, John

I am afraid I can’t help you much then. if everything were set right, it would work, easy as that :wink:
if it does not work, something is not set right… and the logs might tell you.

for that you might want to explore /var/logs/nginx/domains/* and search for lines with GET requests towards urls with .well-known in the path… if those do not have 200 response, obviously something can’t be reached and verified.

again, as written above, check all aliases you put into the web domains config and test if they lead to your server properly. also don’t have empty lines in there… somewhere there is a problem, a minor typo or whatever.

if in doubt delete the whole user and recreate it from scratch including the domains and whatnot.

other than that you are pretty much on your own. rest assured this isn’t a problem with Hestia.

1 Like
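The log check suggested in the post above, as an added example that is not part of the original thread or of Hestia's own code. It assumes nginx's "combined" access-log format (request path in field 7, status in field 9); the sample log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise Let's Encrypt HTTP-01 validation requests in nginx
# access logs. Assumes the "combined" format: field 7 = path, field 9 = status.

# Print "<status> <count>" for every status seen on acme-challenge requests.
acme_status_summary() {
    awk '$7 ~ /^\/\.well-known\/acme-challenge\// { n[$9]++ }
         END { for (s in n) print s, n[s] }' "$@" | sort
}

# Print every validation request that did not return 200: time, status, path.
acme_failures() {
    awk '$7 ~ /^\/\.well-known\/acme-challenge\// && $9 != 200 {
             print substr($4, 2), $9, $7 }' "$@"
}

# Constructed sample lines (documentation IP ranges, made-up tokens).
sample_log() {
    cat <<'EOF'
203.0.113.10 - - [12/Nov/2020:10:01:02 +0000] "GET /.well-known/acme-challenge/tokenA HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
203.0.113.11 - - [12/Nov/2020:10:01:03 +0000] "GET /.well-known/acme-challenge/tokenB HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.7 - - [12/Nov/2020:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/7.68.0"
203.0.113.12 - - [12/Nov/2020:10:03:00 +0000] "GET /.well-known/acme-challenge/tokenC HTTP/1.1" 403 162 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
EOF
}

# With no file arguments both functions read standard input.
# On a server, pass the domain's access log instead: acme_failures <logfile>
sample_log | acme_status_summary
sample_log | acme_failures
```

An empty summary is itself a finding: no validation request reached this domain's log, which points at DNS, NAT or an alias that leads somewhere else rather than at the web server configuration.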

so where should I look for those log files?

in as root this is what I see when I # ls
hestia_1.3.1~RC_amd64.deb hst_backups hst_install_backups hst-install-debian.sh hst-install.sh hst-install.sh.1

As far as DNS the URL and www are set to the right IP at GoDaddy everything works fine.

there is just the main URL “website.com” and for the alias “www.wedsite.com”

perfect example for a typo, even when I know what you want to show :slight_smile:.

I just can confirm what @falzo wrote here, maybe it would be a good idea to start with a LAMP/LEMP environment to expand your linux knowledge?

Log files can be found in
/var/logs/nginx/domains/

I don’t want to expand my knowledge of Linux, I think it's so stupid that you still have to type commands in 2020… I don’t want to spend hours doing something that should take 2 minutes. I started working on computers in 1990, I am so over typing commands… I am just trying to move my website for better performance. I like Hestia for its simplicity and performance. And FYI, the SSL did work a couple days ago.

I am migrating all 9 of my servers to a new server this week so that is when I will really get into it. I was just trying to get this all figured out ahead of time.

John

Honestly, then I would stop using Linux and Hestia. If you run a Linux-based webserver, you can't get around the CLI. You need to know where to check the logs, understand what they could mean or how to trigger a Google search and filter out the relevant information.

So based on your explanation, you're not willing to learn it nor have the knowledge to do it - so you will get in big trouble, for example if one of your sites gets hacked.

Just my 5 cents.

1 Like

And you say the problem isn't with Hestia and I believe you. I am just wondering why the SSL works every time on Vesta with the same URL and same Alias

I get it. I am just frustrated with the googling commands… don’t take me so serious.

hacked – that’s scary, I have been hosting my own websites on IIS for 20 years and have never been hacked that I know of. I did have a virus get in once, but I am very good with backups–so that was not a problem.

We don't know your setup, we don't know your website or aliases. We can verify that the Let’s Encrypt API is working and that we can request valid certs on our productive as well as dev servers.

Suggestion: Rent a hetzner.cloud VPS, install Hestia on top, give it a hostname from one of your domains, add a new user, add a domain there and request a Let's Encrypt certificate - proper DNS records ofc. If it still fails, I’m willing to do a deep analysis of that VPS.