SSL and ERR_TOO_MANY_REDIRECTS issue

Hi,

I’m having SSL issues with all of my websites. Let’s Encrypt validation is failing with:

Error: Let’s Encrypt validation status 400

(404)response from /.well-known/acme-challenge/...

I tested by manually creating a file inside /.well-known/acme-challenge/, but that file also returns a 404 when accessed from a browser.

Has anyone seen this before, or does anyone know where I should start looking?

Server: Debian; Nginx + Apache + PHPFPM

Hestia doesn’t use a physical dir/file to provide the challenge.

Show the output of these commands (replace YourUser and YourDomain with the actual data):

ls -la /home/YourUser/conf/web/YourDomain/
cat /home/YourUser/conf/web/YourDomain/nginx.conf
cat /home/YourUser/conf/web/YourDomain/nginx.conf_letsencrypt

If you share the domain name I can check it from my end.

Thank you for the reply.
piripiran.com

root@panel:~# ls -la /home/piripiran/conf/web/piripiran.com
cat /home/piripiran/conf/web/piripiran.com/nginx.conf
cat /home/piripiran/conf/web/piripiran.com/nginx.conf_letsencrypt
total 24
drwxr-xr-x 3 root root      4096 May 29 09:35 .
drwxr-x--x 6 root root      4096 May 29 10:07 ..
-rw-r----- 1 root piripiran    0 May 29 09:35 apache2.conf
-rw-r----- 1 root piripiran    0 May 29 09:35 apache2.ssl.conf
-rw-r----- 1 root piripiran    0 May 29 09:35 nginx.conf
-rw-r--r-- 1 root root       159 May 29 09:50 nginx.conf_letsencrypt
-rw-r----- 1 root piripiran   65 May 29 09:35 nginx.hsts.conf
-rw-r----- 1 root piripiran    0 May 29 09:35 nginx.ssl.conf
lrwxrwxrwx 1 root root        61 Dec 14 00:41 nginx.ssl.conf_letsencrypt -> /home/piripiran/conf/web/piripiran.com/nginx.conf_letsencrypt
drwxr-xr-x 2 root root      4096 May 29 09:15 ssl
location ~ "^/.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.0SLYIkDj8Q6VS1RtgQ0yLoWqjDl6NSGxMtcdVzKhU9c";
}

I also need this:

those files are zero byte

Run this:

v-rebuild-web-domain piripiran piripiran.com yes

And check again the dir:

ls -la /home/piripiran/conf/web/piripiran.com

root@panel:~# v-rebuild-web-domain piripiran piripiran.com yes
sed: -e expression #11, char 60: unterminated `s' command
sed: -e expression #11, char 60: unterminated `s' command
sed: -e expression #11, char 60: unterminated `s' command
sed: -e expression #11, char 60: unterminated `s' command

That’s not good.

cat -A /usr/local/hestia/data/users/piripiran/web.conf | grep piripiran
root@panel:~# cat -A /usr/local/hestia/data/users/piripiran/web.conf | grep piripiran
DOMAIN='piripiran.com' IP='46.224.32.68' IP6='' CUSTOM_DOCROOT='' FASTCGI_CACHE='no' FASTCGI_DURATION='0s' ALIAS='www.piripiran.com' TPL='default' SSL='yes' SSL_HSTS='yes' SSL_FORCE='no' SSL_HOME='same' LETSENCRYPT='no' FTP_USER='piripiran_eyalcin:piripiran_abdullah' FTP_MD5='$y$j9T$IVq9' BACKEND='piripiran' FTP_PATH=':' PROXY='default' PROXY_EXT='css,htm,html,js,mjs,json,xml,apng,avif,bmp,cur,gif,ico,jfif,jpg,jpeg,pjp,pjpeg,png,svg,tif,tiff,webp,aac,caf,flac,m4a,midi,mp3,ogg,opus,wav,3gp,av1,avi,m4v,mkv,mov,mpg,mpeg,mp4,mp4v,webm,otf,ttf,woff,woff2,doc,docx,odf,odp,ods,odt,pdf,ppt,pptx,rtf,txt,xls,xlsx,7z,bz2,gz,rar,tar,tgz,zip,apk,appx,bin,dmg,exe,img,iso,jar,msi,webmanifest' STATS='' STATS_USER='' STATS_CRYPT='' U_DISK='3441' U_BANDWIDTH='767990' SUSPENDED='no' TIME='01:51:52' DATE='2025-12-13'$
DOMAIN='ahmetyesevi.org.tr' IP='46.224.32.68' IP6='' CUSTOM_DOCROOT='' FASTCGI_CACHE='no' FASTCGI_DURATION='0s' ALIAS='www.ahmetyesevi.org.tr' TPL='default' SSL='yes' SSL_HSTS='no' SSL_FORCE='no' SSL_HOME='same' LETSENCRYPT_FAIL_COUNT='1' LETSENCRYPT='yes' FTP_USER='piripiran_site' FTP_MD5='$y$j9T$ub8m.' BACKEND='piripiran' FTP_PATH='' PROXY='default' PROXY_EXT='css,htm,html,js,mjs,json,xml,apng,avif,bmp,cur,gif,ico,jfif,jpg,jpeg,pjp,pjpeg,png,svg,tif,tiff,webp,aac,caf,flac,m4a,midi,mp3,ogg,opus,wav,3gp,av1,avi,m4v,mkv,mov,mpg,mpeg,mp4,mp4v,webm,otf,ttf,woff,woff2,doc,docx,odf,odp,ods,odt,pdf,ppt,pptx,rtf,txt,xls,xlsx,7z,bz2,gz,rar,tar,tgz,zip,apk,appx,bin,dmg,exe,img,iso,jar,msi,webmanifest' STATS='' STATS_USER='' STATS_CRYPT='' REDIRECT='' REDIRECT_CODE='' U_DISK='597' U_BANDWIDTH='31903' SUSPENDED='no' TIME='01:54:57' DATE='2025-12-13'$
DOMAIN='panel.piripiran.com' IP='46.224.32.68' IP6='' CUSTOM_DOCROOT='' FASTCGI_CACHE='no' FASTCGI_DURATION='0s' ALIAS='' TPL='default' SSL='yes' SSL_HSTS='yes' SSL_FORCE='yes' SSL_HOME='same' LETSENCRYPT='yes' FTP_USER='piripiran_piran' FTP_MD5='$y$j9T$75' BACKEND='default' FTP_PATH='' PROXY='default' PROXY_EXT='css,htm,html,js,mjs,json,xml,apng,avif,bmp,cur,gif,ico,jfif,jpg,jpeg,pjp,pjpeg,png,svg,tif,tiff,webp,aac,caf,flac,m4a,midi,mp3,ogg,opus,wav,3gp,av1,avi,m4v,mkv,mov,mpg,mpeg,mp4,mp4v,webm,otf,ttf,woff,woff2,doc,docx,odf,odp,ods,odt,pdf,ppt,pptx,rtf,txt,xls,xlsx,7z,bz2,gz,rar,tar,tgz,zip,apk,appx,bin,dmg,exe,img,iso,jar,msi,webmanifest' STATS='' STATS_USER='' STATS_CRYPT='' U_DISK='2' U_BANDWIDTH='86' SUSPENDED='no' TIME='03:36:12' DATE='2025-11-10'$
DOMAIN='yonetim.piripiran.com' IP='46.224.32.68' IP6='' CUSTOM_DOCROOT='' FASTCGI_CACHE='no' FASTCGI_DURATION='0s' ALIAS='' TPL='default' SSL='no' SSL_FORCE='no' SSL_HOME='same' LETSENCRYPT='no' FTP_USER='' FTP_MD5='' BACKEND='piripiran' PROXY='default' PROXY_EXT='css,htm,html,js,mjs,json,xml,apng,avif,bmp,cur,gif,ico,jfif,jpg,jpeg,pjp,pjpeg,png,svg,tif,tiff,webp,aac,caf,flac,m4a,midi,mp3,ogg,opus,wav,3gp,av1,avi,m4v,mkv,mov,mpg,mpeg,mp4,mp4v,webm,otf,ttf,woff,woff2,doc,docx,odf,odp,ods,odt,pdf,ppt,pptx,rtf,txt,xls,xlsx,7z,bz2,gz,rar,tar,tgz,zip,apk,appx,bin,dmg,exe,img,iso,jar,msi,webmanifest' STATS='' STATS_USER='' STATS_CRYPT='' U_DISK='0' U_BANDWIDTH='0' SUSPENDED='no' TIME='10:04:16' DATE='2026-05-29'$

There is only one domain working well on the server.
panel.piripiran.com
root@panel:~# v-rebuild-web-domain piripiran panel.piripiran.com yes
no error.
All others, including a newly added domain for testing, give the same error.
sed: -e expression #11, char 60: unterminated `s' command
sed: -e expression #11, char 60: unterminated `s' command

Just for the record.

The problem was caused by a duplicated configuration in a custom PHP-FPM template. After removing the duplicated configuration, the web domains rebuilt as expected.

So the update did not really break anything; it was just issuing regular commands that would have failed anyway because of the broken custom templates.
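
A way to spot the symptom seen in this thread (zero-byte nginx.conf / apache2.conf left behind when a rebuild fails) across every user at once. This is an added example, not part of the original posts and not Hestia's own code; the function names, the base-directory argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list zero-byte generated web configs in a Hestia-style tree.
# Layout assumed from the listing in the thread:
#   <base>/<user>/conf/web/<domain>/*.conf

# Print "user domain file" for every empty regular *.conf file.
# Symlinks and non-.conf files (e.g. nginx.conf_letsencrypt) are skipped.
empty_web_confs() {
    base=$1
    for f in "$base"/*/conf/web/*/*.conf; do
        [ -f "$f" ] && [ ! -L "$f" ] && [ ! -s "$f" ] || continue
        dir=${f%/*}; domain=${dir##*/}
        user=${dir#"$base"/}; user=${user%%/*}
        printf '%s %s %s\n' "$user" "$domain" "${f##*/}"
    done
}

# Print each "user domain" pair that has at least one empty config, once.
domains_needing_rebuild() {
    empty_web_confs "$1" | awk '{ print $1, $2 }' | sort -u
}

# Constructed sample tree (not real data): one healthy domain, one whose
# generated configs came out empty, as in the directory listing above.
make_sample_tree() {
    t=$(mktemp -d)
    ok=$t/alice/conf/web/ok.example
    bad=$t/alice/conf/web/bad.example
    mkdir -p "$ok" "$bad"
    echo 'server { listen 80; }' > "$ok/nginx.conf"
    echo '# backend vhost' > "$ok/apache2.conf"
    : > "$bad/nginx.conf"
    : > "$bad/apache2.conf"
    echo '# hsts header' > "$bad/nginx.hsts.conf"
    echo '# acme location' > "$bad/nginx.conf_letsencrypt"
    echo "$t"
}

sample=$(make_sample_tree)
domains_needing_rebuild "$sample"
rm -rf "$sample"
```

On a server, run `domains_needing_rebuild /home` as root; any domain it lists still needs v-rebuild-web-domain to succeed once the broken template is fixed.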