Newbie: add domain problem

Hi,
just starting with HestiaCP, read a lot of posts but still can’t figure out something.
I added my domains into the control panel, they are registered with Hostinger. nslookup or checks on http://whatsmydns.net/ show it’s propagated.
Then when I add those domains into the control panel and tell them to add a Let’s Encrypt certificate, it ends up with the infamous “Error: Let’s Encrypt finalize bad status 403” message.
Now, I wonder whether the websites should first exist or not to allow Let’s Encrypt to create the certificate.
I have not deployed my websites yet, as they’re going to be containers, each one of them (still have to check nginx proxy to point to them).
Could that Let’s Encrypt error be due to the lack of the actual website contents?

DNS records are defined automatically by Hostinger.
So when adding a domain via HestiaCP, they’re already defined in Hostinger.

I followed the doc to add a domain, etc… but still, no ssl.

Any clue?
Thanks for any help.

Hi @sjordi,

The web domain must be added in Hestia before issuing a Let’s Encrypt certificate, but there is no need to have any content.

Just to be sure your domain is pointing to your server’s public IP:

dig +trace example.net +nocmd +nodo -4 +short | tail -n1

Also, by default, when you add a web domain like example.net, Hestia also adds an alias www.example.net and both must be pointing to your IP.

dig +trace www.example.net +nocmd +nodo -4 +short | tail -n1

Be sure that you are not using AAAA records (IPv6) because Let’s Encrypt will try to use them but Hestia doesn’t support IPv6 (yet).

Also, if you tried to issue a certificate, try this from command line:

curl -kL http://example.net/.well-known/acme-challenge/test
curl -kL http://www.example.net/.well-known/acme-challenge/test

For both commands you should see an output similar to this:

test.F-zkMYPma60BaNWaP8cikYh9Nu-fvCCWocjFvYqvIeT
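The DNS checks from the reply above, combined into one pre-flight script. This is an added example, not part of the original post or of Hestia; the function names `resolve`, `check_name` and `check_domain` are hypothetical, and it queries the local resolver with `dig +short` rather than `+trace`, so a recently changed record may still be cached.

```shell
#!/usr/bin/env bash
# Added example: DNS pre-flight for a Hestia web domain and its www alias,
# to run before requesting a Let's Encrypt certificate.

# Query one record type for a name. Kept as a separate function so it can be
# overridden with constructed answers when testing offline.
resolve() { dig +short "$1" "$2"; }

# check_name NAME SERVER_IP: prints findings, returns 0 only if NAME is ready.
check_name() {
  local name="$1" server_ip="$2" rc=0 ip a_records aaaa_records
  # +short also prints CNAME targets; keep only literal addresses.
  a_records=$(resolve "$name" A | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || true)
  aaaa_records=$(resolve "$name" AAAA | grep ':' || true)

  if [ -z "$a_records" ]; then
    echo "FAIL $name: no A record"; rc=1
  fi
  for ip in $a_records; do
    if [ "$ip" != "$server_ip" ]; then
      echo "FAIL $name: A record $ip is not this server ($server_ip)"; rc=1
    fi
  done
  # Let's Encrypt will try an AAAA record if one exists, and validation then
  # goes to an address the panel is not serving.
  if [ -n "$aaaa_records" ]; then
    echo "FAIL $name: AAAA record present: $aaaa_records"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK   $name -> $server_ip"
  return "$rc"
}

# check_domain DOMAIN SERVER_IP: checks DOMAIN and the www alias added by default.
check_domain() {
  local rc=0
  check_name "$1" "$2" || rc=1
  check_name "www.$1" "$2" || rc=1
  return "$rc"
}

# Usage: ./le-preflight.sh example.net <server public IP>
if [ "$#" -eq 2 ]; then
  check_domain "$1" "$2"
fi
```

A non-zero exit status means at least one of the two names would fail validation; the printed `FAIL` lines say which record to correct at the DNS provider.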

Well,
You nailed it. Thanks a lot. It now works without trouble.

The problem was the IP address.
The dig command showed a different IP than my VPS.
I first tried a VPS with Hostinger in late June and then cancelled it while retaining my domains with them.
Now I’m back and have a new VPS, but the domains did all point to the former VPS IP.
Even a “reset default DNS values” still pointed to that old IP.
So I just changed all the A records from my domains to point to my current VPS IP and Let’s Encrypt now works. Of course since now it’s able to actually communicate with the real thing!
Shame on me :wink:, should have noticed that myself.
Thanks a lot.
