SSL for HestiaCP panel

I write v-add-letsencrypt-host and get

root@panel:~# v-add-letsencrypt-host
Error: Let’s Encrypt validation status 400 (panel.example.com). Details: 403:“IP HERE: Invalid response from http://panel.example.com/.well-known/acme-challenge/*************************************************: 404”
Error: Let’s Encrypt SSL creation failed
I don’t use CloudFlare.
I installed the panel now, how can I fix it?

It would be good to know the actual server name so we can test it from our side.

Okay, no problem
Error: Let’s Encrypt validation status 400 (panel.example.com). Details: 403:“203.0.113.147: Invalid response from http://panel.example.com/.well-known/acme-challenge/*************************************************: 404”

Please, show the output of these commands:

hostnamectl hostname
hostname -f
v-search-object panel
root@panel:~# hostnamectl hostname
Unknown operation hostname.
root@panel:~# hostnamectl panel.example.com
Unknown operation panel.example.com.

root@panel:~# hostname -f
panel.example.com

root@panel:~# v-search-object panel
USER     TYPE  KEY     RESULT                 ALIAS
------
admin    web   DOMAIN  panel.example.com

What OS and version are you using?

Show the output of these commands:

ls -la /home/admin/conf/web/panel.example.com/
grep 'include' /home/admin/conf/web/panel.example.com/nginx.conf
grep -A3 'well-known' /home/admin/conf/web/panel.example.com/nginx.conf
cat /home/admin/conf/web/panel.example.com/nginx.conf_letsencrypt

System: Ubuntu 20.04.6

ls -la /home/admin/conf/web/panel.example.com/

root@panel:~# ls -la /home/admin/conf/web/panel.example.com/
total 16
drwxr-xr-x 2 root root  4096 Nov 18 02:42 .
drwxr-x--x 3 root root  4096 Nov 17 02:37 ..
-rw-r----- 1 root admin    0 Nov 18 02:42 apache2.conf
-rw-r----- 1 root admin    0 Nov 18 02:42 nginx.conf
-rw-r--r-- 1 root root   159 Nov 20 06:50 nginx.conf_letsencrypt
lrwxrwxrwx 1 root root    65 Nov 17 02:38 nginx.ssl.conf_letsencrypt -> /home/admin/conf/web/panel.example.com/nginx.conf_letsencrypt

No information:
grep 'include' /home/admin/conf/web/panel.example.com/nginx.conf

root@panel:~# grep 'include' /home/admin/conf/web/panel.example.com/nginx.conf
root@panel:~#

No information:
grep -A3 'well-known' /home/admin/conf/web/panel.example.com/nginx.conf

root@panel:~# grep -A3 'well-known' /home/admin/conf/web/panel.example.com/nginx.conf
root@panel:~#

cat /home/admin/conf/web/panel.example.com/nginx.conf_letsencrypt

root@panel:~# cat /home/admin/conf/web/panel.example.com/nginx.conf_letsencrypt
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "SECRET INFO?";
}

I’m wondering why those conf files are empty, you are not using any conf, neither for nginx nor apache.

Try to rebuild the web domain:

v-rebuild-web-domain admin panel.example.com

Once done, check again that you have the right conf:

grep 'include' /home/admin/conf/web/panel.example.com/nginx.conf
grep -A3 'well-known' /home/admin/conf/web/panel.example.com/nginx.conf

Both commands should show info.

If you see info from the above commands, test whether you are serving the well-known info correctly:

Open your browser and navigate to this URL:
http://panel.example.com/.well-known/acme-challenge/test

If all is working, you should see a line like test.here_your_long_alpha_numeric_string

If it still doesn’t work, restart nginx and try again.

systemctl restart nginx

If it works, try again to issue a Let’s Encrypt certificate.

v-add-letsencrypt-host

Thanks a lot. Problem solved.
Is it okay that anyone can see this on the site?:

http://panel.example.com/.well-known/acme-challenge/test

The best thing to do is to delete the topic, please, so that no data remains. Thanks again!

You are welcome. I’m glad you issued the certificate for your domain.

Yes, it is ok. Keep in mind that in this case, test is the token and nobody knows what the real token is. As I said, no problem.

I don’t like to delete topics so I’m going to edit all the posts on this topic to replace your actual domain with example.com

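The checks from the troubleshooting steps earlier in this thread (non-empty nginx.conf, the two greps, and the test request to the well-known path) can be gathered into one pre-flight script. This is an added example, not part of the original posts and not HestiaCP code; the function names are hypothetical, and the /home/USER/conf/web/DOMAIN/ layout and the allowed characters after the dot are assumptions taken from the output shown above.

```sh
#!/bin/sh
# Added example: pre-flight checks for the HTTP-01 challenge path, to run
# before v-add-letsencrypt-host. Function names are hypothetical.

# check_conf FILE: the domain's nginx.conf must be non-empty and must match
# the same two greps used in the thread ('include' and 'well-known').
check_conf() {
    [ -s "$1" ] || { echo "empty or missing: $1 (rebuild the web domain)"; return 1; }
    grep -q 'include' "$1" || { echo "no include line in $1"; return 2; }
    grep -q 'well-known' "$1" || { echo "no well-known line in $1"; return 3; }
    echo "conf ok"
}

# check_body TOKEN BODY: the challenge response must be "<TOKEN>.<string>".
# Assumption: <string> is non-empty and limited to the URL-safe characters
# that the location regex in nginx.conf_letsencrypt also accepts.
check_body() {
    case $2 in
        "$1".*) ;;
        *) echo "body does not start with '$1.'"; return 1 ;;
    esac
    case ${2#"$1".} in
        '') echo "nothing after '$1.'"; return 2 ;;
        *[!A-Za-z0-9_-]*) echo "unexpected characters after '$1.'"; return 3 ;;
    esac
    echo "body ok"
}

# preflight DOMAIN [USER]: run both checks against the live server.
# Assumption: the /home/USER/conf/web/DOMAIN/ layout shown in the thread.
preflight() {
    check_conf "/home/${2:-admin}/conf/web/$1/nginx.conf" || return
    # -f turns an HTTP error such as the 404 from the thread into a failure.
    pf_body=$(curl -fsS --max-time 10 \
        "http://$1/.well-known/acme-challenge/test") || {
        echo "request failed; restart nginx and retry"; return 4; }
    check_body test "$pf_body"
}

# Usage on the panel host: preflight panel.example.com admin
```

A return code of 1 from `check_conf` corresponds to the empty nginx.conf seen in this thread, which is the case `v-rebuild-web-domain` fixed.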