Problem for one domain with SSL

I have created dozens of domains with SSL without any problems. Everything has always worked very well with HestiaCP. Suddenly, an error appears. I do not know why. I have DNS in Cloudflare, but without a proxy. I don’t have any firewall blocks. Apache2 server + nginx proxy. Domain: jumpersport.pl
Debugging ok: Let's Debug
but I have an error:

```text
==[Debug information Step 5]==
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "185.157.81.211: Invalid response from http://jumpersport.pl/.well-known/acme-challenge/tU9QZEaehuVlFW9Yl0AXGAyYZfYVRhCcgjroz9Wq8aM: 404",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/334845734957/VsPflA",
  "token": "tU9QZEaehuVlFW9Yl0AXGAyYZfYVRhCcgjroz9Wq8aM",
  "validationRecord": [
    {
      "url": "http://www.jumpersport.pl/.well-known/acme-challenge/tU9QZEaehuVlFW9Yl0AXGAyYZfYVRhCcgjroz9Wq8aM",
      "hostname": "www.jumpersport.pl",
      "port": "80",
      "addressesResolved": [
        "185.157.81.211"
      ],
      "addressUsed": "185.157.81.211",
      "resolverAddrs": [
        "A:10.1.12.89:26534",
        "AAAA:10.1.12.81:31390"
      ]
    },
    {
      "url": "http://jumpersport.pl/.well-known/acme-challenge/tU9QZEaehuVlFW9Yl0AXGAyYZfYVRhCcgjroz9Wq8aM",
      "hostname": "jumpersport.pl",
      "port": "80",
      "addressesResolved": [
        "185.157.81.211"
      ],
      "addressUsed": "185.157.81.211",
      "resolverAddrs": [
        "A:10.1.12.88:20040",
        "AAAA:10.1.12.83:20057"
      ]
    }
  ],
  "validated": "2024-04-05T15:00:22Z"
}

==[Abort Step 5]==
=> Wrong status
```

Restarting apache2 and nginx did not help; the error is still there.

Do you have any ideas? Delete the data from the directory
/usr/local/hestia/data/users/jumpersport and try adding the certificate again?

Start by reading your logfiles before you start randomly deleting things. You need to determine why you are serving HTTP 403 & 404 responses instead of the acme challenge.

I just don't know why there is no access. I don't know where this error code comes from. All other domains return the usual 200.

It comes from your webserver. Start with its logs and see where it leads.

If you share any log excerpts here, please use text, not screenshots, and use the </> Preformatted text option when you post that content to preserve legibility.


I'll check all the logs; maybe it's a permissions problem :frowning:

Could you show the output of these commands?

```bash
grep -r 'include.*\/nginx.conf_' /home/jumpersport/conf/web/jumpersport.pl
grep -r 'include.*\/nginx.ssl.conf_' /home/jumpersport/conf/web/jumpersport.pl
cat /home/jumpersport/conf/web/jumpersport.pl/nginx.conf_letsencrypt
```

I removed the "www" alias and the SSL certificate was issued without any problems. The CNAME in Cloudflare for "www" was without a proxy, so I'm surprised. I will look into this further, but apparently this was the issue that was causing the error.

If that DNS-only CNAME pointed at a proxied hostname, it would still pass through the Cloudflare proxy.

The Cloudflare setting Always Use HTTPS can interfere with the ACME HTTP-01 challenge used to obtain a certificate from Let's Encrypt. For that reason I use my own redirect rule in Cloudflare for HTTP to HTTPS redirection and include an exception for the /.well-known/acme-challenge/ path.

I don’t know if that will help you, but it seemed worth sharing.
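The advice earlier in the thread (find out why the server answers 403 or 404 instead of serving the challenge file, starting from the web server logs) and the redirect caveat just above can be turned into a repeatable check. The script below is an added example written for this page; it is not from the thread, from HestiaCP or from Let's Encrypt. It assumes you have already placed a probe file, whose content is the token, at `<webroot>/.well-known/acme-challenge/<token>` (HestiaCP's webroot is assumed to be `/home/<user>/web/<domain>/public_html`); the hostnames and token on the command line are yours. It then requests that path over plain HTTP on every hostname the certificate would cover, exactly as the CA's first request does, but without following redirects, so a 301 to HTTPS, a 403 or a 404 becomes the verdict rather than being hidden by a client that silently follows redirects. A second helper pulls the status codes for that token out of access-log lines, which tells you which vhost actually answered the CA.

```python
"""ACME HTTP-01 reachability probe (added example, not from the thread or HestiaCP).

Assumes a probe file whose content is the token already exists at
<webroot>/.well-known/acme-challenge/<token>; HestiaCP's webroot is assumed to
be /home/<user>/web/<domain>/public_html.  Hostnames and token are arguments.
"""
import re
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

ACME_PATH = "/.well-known/acme-challenge/"


@dataclass
class Response:
    status: int
    location: Optional[str]
    body: str


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError for 3xx instead of following it,
    # so the redirect itself is what we get to inspect.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url: str, timeout: float = 10.0) -> Response:
    """GET url once over plain HTTP, redirects not followed."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return Response(resp.status, resp.headers.get("Location"),
                            resp.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # 3xx (because of _NoRedirect), 4xx and 5xx arrive here with headers intact.
        return Response(err.code, err.headers.get("Location"),
                        err.read(4096).decode("utf-8", "replace"))


def diagnose(token: str, resp: Response) -> str:
    """Map one response to a verdict word plus a short explanation."""
    if resp.status == 200 and resp.body.strip() == token:
        return "OK: token served from the webroot"
    if resp.status == 200:
        return "WRONG: 200 but the body is not the token (another vhost or an index page answered)"
    if resp.status in (301, 302, 307, 308):
        where = resp.location or "?"
        if where.startswith("https://"):
            return (f"REDIR: {resp.status} to {where}; the CA follows it, so the HTTPS side "
                    f"must also serve the file, or exempt {ACME_PATH} from the redirect")
        return f"REDIR: {resp.status} to {where}"
    if resp.status == 404:
        return "FAIL: 404, the request hit a vhost whose document root lacks the file"
    if resp.status == 403:
        return "FAIL: 403, file permissions or a deny rule on the path"
    return f"FAIL: HTTP {resp.status}"


def probe(hostnames: Iterable[str], token: str,
          fetch: Callable[[str], Response] = http_fetch) -> Dict[str, str]:
    """Probe every hostname; `fetch` is injectable so the logic can be tested offline."""
    results: Dict[str, str] = {}
    for host in hostnames:
        url = f"http://{host}{ACME_PATH}{token}"
        try:
            results[host] = diagnose(token, fetch(url))
        except OSError as err:  # DNS failure, connection refused, timeout
            results[host] = f"FAIL: no HTTP response ({err})"
    return results


# Combined log format: ... "GET /path HTTP/1.1" 404 196 "-" "User-Agent"
_STATUS_RE = re.compile(r'"\s(\d{3})\s')


def log_hits(lines: Iterable[str], token: str) -> List[int]:
    """Return the HTTP status of every access-log line that requested the token."""
    hits: List[int] = []
    for line in lines:
        if token not in line:
            continue
        match = _STATUS_RE.search(line)
        if match:
            hits.append(int(match.group(1)))
    return hits


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit(f"usage: {sys.argv[0]} TOKEN HOSTNAME [HOSTNAME ...]")
    for host, verdict in probe(sys.argv[2:], sys.argv[1]).items():
        print(f"{host:30} {verdict}")
```

Run it as `python3 probe_acme.py <token> jumpersport.pl www.jumpersport.pl` from any machine outside the server, so the request takes the same path the CA's does. A 404 on one hostname and 200 on the other, as in the thread, means both names reach the server but are dispatched to different vhosts or document roots; the log status list for the token then shows which server block logged the request.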

The CNAME for www pointed to the address without www, but the proxy was disabled. I always remember to turn off the proxy. This case is strange; I just had to remove the "www" alias in HestiaCP and it worked. I'm investigating the matter further.

Just tried it with a new website of mine and I had no issues.

I've never had a problem with dozens of other domains either. I'm looking for custom settings, maybe a different .htaccess, or a lack of permissions, because I only see a problem for this domain. This doesn't look like a HestiaCP bug.
