Let's Encrypt to obtain SSL certificate for subdomain

Hello!
I created an old.. subdomain for my site. I ran into the problem that I cannot create a Let's Encrypt certificate for it (error 403) and cannot transfer the certificate from the main domain.

Every time I get an nginx restart error.

Thank you for your help

Hi @Konstantinus,

That could mean a lot of things. What is the error in the log?

/var/log/hestia/LE-YourUser-YourDomain.log

Which one?

systemctl status nginx --no-pager -l
/var/log/hestia/LE-YourUser-YourDomain.log

==[API call]==
exit status: 0

==[Step 6]==

  • status: 403
  • nonce: cZa1PNTsljqIv9klPzNTyQ1FGt7BzVNl6imbquTBp835Prsq6fg
  • payload: {"csr":"MIIFJDCCAwwCAQAwgZsxJTAjBgkqhkiG9w0BCQEWFmluZm9Ab2xkLmFyY2hpdmUubWsudWExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZ
  • certificate:
  • answer: HTTP/2 403
    server: nginx
    date: Wed, 16 Oct 2024 07:52:29 GMT
    content-type: application/problem+json
    content-length: 152
    boulder-requester: 1998115277
    cache-control: public, max-age=0, no-cache
    link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
    replay-nonce: cZa1PNTsljqIv9klPzNTyQ1FGt7BzVNl6imbquTBp835Prsq6fg

    {
      "type": "urn:ietf:params:acme:error:orderNotReady",
      "detail": "Order's status (\"invalid\") is not acceptable for finalization",
      "status": 403
    }

/var/log/nginx/error.log:
2024/10/16 10:53:44 [emerg] 280763#280763: no host in ":443" of the "listen" directive in /etc/nginx/conf.d/domains/old.ххх.ххх.хх.ssl.conf:8
2024/10/16 10:53:44 [emerg] 280780#280780: no host in ":443" of the "listen" directive in /etc/nginx/conf.d/domains/old.ххх.ххх.хх.ssl.conf:8
2024/10/16 11:02:13 [emerg] 285776#285776: no host in ":80" of the "listen" directive in /etc/nginx/conf.d/domains/old.ххх.хххх.хх.conf:8
2024/10/16 11:02:13 [emerg] 285793#285793: no host in ":80" of the "listen" directive in /etc/nginx/conf.d/domains/old.ххх.ххх.хх.conf:8
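The [emerg] lines above name the condition exactly: a `listen` directive whose address is only `:443` or `:80`, with nothing before the colon. The shell function below is an added example, not code from the thread or from Hestia: it scans vhost files for that shape so the check can be run before restarting nginx. The remark that the panel fills the address from the domain's IP is an assumption about how the template is rendered (the thread only shows the resulting error), and the file paths in the comments are placeholders.

```shell
#!/bin/sh
# Added example (not Hestia's or nginx's code): flag `listen` directives whose
# host part is empty, the shape behind nginx's
#   [emerg] no host in ":443" of the "listen" directive
# Assumption, not shown in the thread: the panel renders the address from the
# domain's IP, so an empty IP at rebuild time yields exactly `listen :443 ssl;`.

# Usage: check_listen_hosts FILE...
# Prints FILE:LINE: <directive> for every listen whose address is a bare
# ":port" and returns 1; returns 0 when no such directive exists.
check_listen_hosts() {
  rc=0
  for f in "$@"; do
    bad=$(awk -v F="$f" '
      /^[[:space:]]*listen[[:space:]]/ {
        addr = $2
        sub(/;$/, "", addr)
        # "listen 443;", "listen 1.2.3.4:443", "listen [::]:443" are fine;
        # ":443" has nothing before the colon, which nginx rejects at start-up.
        if (addr ~ /^:[0-9]+$/) printf "%s:%d: %s\n", F, NR, $0
      }' "$f")
    if [ -n "$bad" ]; then
      printf '%s\n' "$bad"
      rc=1
    fi
  done
  return $rc
}

# Run it over the generated vhosts before restarting nginx; `nginx -t` remains
# the authoritative check of the whole configuration (paths are placeholders):
# check_listen_hosts /etc/nginx/conf.d/domains/*.conf && nginx -t
```

If the check reports a file, compare its address with `v-list-web-domain <user> <domain> json | jq -r '.[]|.IP'` as the reply below asks; an empty or stale IP in the domain record is what ends up in the rendered `listen` line, and a rebuild of the domain regenerates the file.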

Why is there no host in the listen directive? Are you using a custom template for that domain?

I use the standard “Joomla” template.

Show the output of these commands (replace YourUser and old.ххх.ххх.хх by the actual data):

grep listen /etc/nginx/conf.d/domains/old.ххх.ххх.хх.ssl.conf
v-list-web-domain YourUser old.ххх.ххх.хх json | jq -r '.[]|.IP'

root@web:/etc/nginx/conf.d/domains# grep listen /etc/nginx/conf.d/domains/old.archive.mk.ua.conf
listen 192.168.88.3:80;
root@web:/etc/nginx/conf.d/domains# v-list-web-domain admin old.archive.mk.ua json | jq -r '.|.IP'
192.168.88.3
root@web:/etc/nginx/conf.d/domains#

I asked for the ssl conf:

grep listen /etc/nginx/conf.d/domains/old.archive.mk.ua.ssl.conf

The .ssl.conf file is not created:
root@web:/etc/nginx/conf.d/domains# grep listen /etc/nginx/conf.d/domains/old.archive.mk.ua.ssl.conf
grep: /etc/nginx/conf.d/domains/old.archive.mk.ua.ssl.conf: No such file or directory

Then I don’t understand this error message:

How can nginx report an error about a directive in a file that doesn't exist? Is nginx up and running right now?

systemctl restart nginx
systemctl status nginx --no-pager -l

Anyway, right now you have a redirect loop with Cloudflare: it redirects again and again to the same URL.

❯ curl -iL --max-redirs 2 http://old.archive.mk.ua/.well-known/acme-challenge/test
HTTP/1.1 301 Moved Permanently
Date: Wed, 16 Oct 2024 15:44:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://old.archive.mk.ua/.well-known/acme-challenge/test
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fgh7FsyqAivL53kdYwg8dH6m6Vc8YsYPajocwszyHsO5kaagSUjftUEtlggaDH6IzACwV0Iv8gNrXkBHGXJ1KO0UrKFE2VFm8nNUOHmmiLO0hxOHfNZQySXOfxkKmN2rFpOVqOx0gKPFRai%2BZGG87A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8d392bc299ebdc98-FRA
alt-svc: h3=":443"; ma=86400

HTTP/2 301 
date: Wed, 16 Oct 2024 15:44:34 GMT
content-type: text/html
location: https://old.archive.mk.ua/.well-known/acme-challenge/test
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZCN1T8Ht4oHIZqf4MvbfwDRAOMejk2SEhM1uGggJBodP679PMJIqUhi%2BqmE2bmUGGottx9EsyoHt4UtzeAdknLnu3vq5MGA3pHvUtAjw0z93r%2FM3Lsl%2FyDA7vcFqlLVaAjZONw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8d392bc4daf265b1-FRA
alt-svc: h3=":443"; ma=86400

HTTP/2 301 
date: Wed, 16 Oct 2024 15:44:34 GMT
content-type: text/html
location: https://old.archive.mk.ua/.well-known/acme-challenge/test
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nk6wC388I8%2F4m7EjMq1Qtv7tpTA8nzVOKDPEP4ajPPT1u9QnznTGL8zfziwcNxLjk5oXbaioh4rEPatrmBpln0AUmWIgLha%2BlLJVff4IOETuibLhuh01pOODKYtuWhmZVHFoog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8d392bc58b9465b1-FRA
alt-svc: h3=":443"; ma=86400

curl: (47) Maximum (2) redirects followed

I don't know if you are using some rules on Cloudflare's side or you activated a redirect on Hestia, but you must fix it before trying to issue a certificate.

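As an added example, not code from the thread: the curl output above can be checked mechanically for the loop. Let's Encrypt's HTTP-01 validator follows redirects when it fetches /.well-known/acme-challenge/<token>, so a redirect that points back at itself fails the challenge, the order goes "invalid", and the later finalize step is refused with orderNotReady, which is the 403 in the log at the top of the thread. The hostname old.example.test, the token "probe" and the captured headers below are constructed for the example, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): detect a redirect loop on the HTTP-01
# challenge path from a `curl -iL --max-redirs N` header capture. Let's Encrypt
# follows redirects when fetching /.well-known/acme-challenge/<token>, so a loop
# there fails the challenge, the order becomes "invalid", and the finalize call
# is refused with orderNotReady.

# Print every Location target from a header capture on stdin, in order.
# Header names are matched case-insensitively (HTTP/2 lowercases them) and
# carriage returns are stripped.
location_chain() {
  tr -d '\r' | awk 'tolower($1) == "location:" { print $2 }'
}

# Usage: find_redirect_loop START_URL < capture
# Walks the chain starting at START_URL; prints "loop: URL" and returns 1 at
# the first target that was already requested (self-redirect or longer cycle),
# returns 0 if the chain terminates.
find_redirect_loop() {
  seen=" $1 "
  for target in $(location_chain); do
    case "$seen" in
      *" $target "*) printf 'loop: %s\n' "$target"; return 1 ;;
    esac
    seen="$seen$target "
  done
  return 0
}

# Constructed capture modelled on the thread's curl output (headers trimmed,
# domain replaced): http -> https is fine, but the https response then
# redirects to the URL that was just fetched.
sample_loop_capture() {
  cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://old.example.test/.well-known/acme-challenge/probe
Server: cloudflare

HTTP/2 301
location: https://old.example.test/.well-known/acme-challenge/probe
server: cloudflare

HTTP/2 301
location: https://old.example.test/.well-known/acme-challenge/probe
server: cloudflare

EOF
}

# Constructed healthy answer: the origin serves the path directly. A 404 for
# an unknown token is fine; what matters is that nothing redirects to itself.
sample_ok_capture() {
  cat <<'EOF'
HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html

EOF
}

# Live use against a real host (not executed here; hostname is a placeholder):
# u=http://old.example.test/.well-known/acme-challenge/probe
# curl -siL --max-redirs 5 "$u" | find_redirect_loop "$u"
```

Run the live check from outside the local network so the request actually passes through Cloudflare. A common cause of an https-to-https self-redirect on a Cloudflare-fronted site is the origin forcing HTTPS while Cloudflare connects to it over plain HTTP ("Flexible" SSL mode), or an "Always Use HTTPS" rule on the Cloudflare side combined with a redirect configured in the panel; one of the two redirects has to go before the challenge can succeed.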

I apologise for any unclear wording.

  1. I have two servers:
    One on CP 1.8.12+Ubuntu 22.04 (it is accessible from the web)
    The second on CP 1.9.0a+Ubuntu 24.04 (local)

  2. To transfer projects from the first server to the second, I created two sites on the second server:
    www.archive
    old.archive

  3. I copied the SSL certificate details of www.archive from the first server and pasted them into the appropriate fields for both sites.

  4. Everything worked. Then I made the second server (1.9.0a+Ubuntu 24.04) available from the Internet and turned off the first server.

  5. Once the second server was available online, I requested the creation of an SSL certificate for the old.archive domain.

  6. I received errors and created a post on the forum. Nginx did not work and did not want to restart.

  7. I ran the command v-rebuild-web-domains admin and nginx started working.

  8. I tried again to generate the SSL certificate for the old.archive domain.
    Nothing worked.

Now the new server is online so you can see the error.

I apologise for any inaccuracies in the question.

I can provide access to the server.

I requested the SSL certificate creation again and everything worked.

Thank you!
