Lets Encrypt SSL Error (Error: Let's Encrypt validation status 400 (domain.com). Details: 403:"MY-IP: Invalid response

1

An error occurs when creating a certificate:

image

I found an error link in the log:

image
image1074×568 44.7 KB

after going through it , I received the following data:

image
image1106×351 15.1 KB

letsdebug.net does not show errors (previously there was an ipv6 error, I deleted ipv6 error disappeared):

image
image1052×296 23.7 KB

What could be the problem?

2

Does ngixn restart correctly

3

image
image779×104 16.9 KB

Such a warning and before that there was a comodo certificate, but it ends and I decided to replace it with Lets Encrypt

4

Did it solved the issue?

You should be able to visit the .well-known/xxxx/xxxx folder without any issue…

Do you use Cloudflare?

1 Like
5

I don’t use Cloudflare.
Where the folder is located .well-known?
I am concerned that domain duplication with aliases without is shown.

image
image1026×126 23.4 KB

But the certificate from comodo works if you insert it in here:
image
image510×646 97.7 KB

6

Hello, I have the same problem… It seems to be that ngixn does not auto restart. I got it to work when I manually restart nginx during the process, either by the CLI or by opening the panel in another browser and restarting nginx continuously during the process.

My question has not been solved (NGINX will to restart when adding or changing web domains - #3 by lamnian)

7

ssl-issue

This error always occurs when enabling ssl in hestia cp, but after restarting ngnxi, ssl can be successfully enabled, and next time you want to enable ssl, you still need to restart ngnxi again. Hi, does anyone have any ideas on this?

8

Merged both topics…

We reload both proxy system ( Nginx)
And web system just before we request the certificate.

It should be more then enough…

Set: DEBUG_MODE to yes in /usr/local/hestia/conf/hestia.conf and try to request an ssl.

9

I made a fix in “v-add-letsencrypt-domain”, but it didn’t help.
The certificate itself is not issued for 1 main domain (the comodo certificate works on this domain), it works on subdomains and works on other domains.

image
image1354×712 53.1 KB

10

You’ve an ipv6 record there, hestia doesnt support it rn, remove it and it should work. Has even it own section in our docs: SSL Certificates and Let's Encrypt — Hestia Control Panel documentation

11

Screenshot 2022-10-03 at 10.06.16
Screenshot 2022-10-03 at 10.06.162394×978 109 KB

Error page

Also:
http://xxx/.well-known/acme-challenge/weilCrdnHG1oaXkFtNW9eMBL7U2wm9LBmwyDgjlmgE

returns also an 404. So there must something be wrong with your nginx config.

12

Does not work:

image
image1388×660 35.7 KB

13

it works:

image
image1122×115 25 KB

14

Now it does. 5 min ago not. Now I also get a valid website:

Screenshot 2022-10-03 at 10.16.31
Screenshot 2022-10-03 at 10.16.311920×1151 189 KB

15

I tried to issue a certificate via Certbot and the certificate was generated without an error

image
image941×403 28.4 KB

16

Validation process is different as in certbot, we do not support ipv6 (yet).

17

I deleted the AAAA record from IPV6, it doesn’t help

image
image1083×869 50.2 KB

18

Run the command v-add-letsencrypt-domain user domain.com ‘www.domain.com’ in command line and test it out.

Or at least follow the instructions we have provided. We can’t guess…

1 Like
19

image
image1310×94 16.5 KB

20

www.domain.com doesn’t work

Screenshot 2022-10-04 at 14.24.10
Screenshot 2022-10-04 at 14.24.101740×552 23.9 KB

Remove it form the alias list or check why it is not working properly

It looks like you are bind a nat server or something like that…