SSL Issue in Hestia 1.9.2

Recently I’m facing this issue while getting SSL from LetsEncrypt. Even though the domain DNS has propagated throughout the world (I checked using dnschecker.org), HestiaCP still throws the error below. It’s unusual behaviour for me, as earlier it worked fine. Experts here can check if there’s any issue in this.

Show your nginx conf:

cat /home/*/conf/web/hrm.aivirtrix.com/nginx.conf
cat /home/*/conf/web/hrm.aivirtrix.com/nginx.conf_letsencrypt

For First Command Output:

For Second Command:

Next time, please, instead of screenshots, copy and paste the output, select the pasted text and click on the </> button to format it.

That conf should work. Edit nginx.conf for that domain and move the last include (.../nginx.conf_*) before the first include (.../nginx.forcessl.conf*).

Once done:

systemctl reload nginx

If you execute this command the output should show test.OKNcz...

curl -ikL http://hrm.aivirtrix.com/.well-known/acme-challenge/test

You can also test it using your browser: http://hrm.aivirtrix.com/.well-known/acme-challenge/test

Nope, the issue still persists. I am facing multiple issues since updating the Hestia version.

Issue 1: Cannot activate the Let’s Encrypt certificate after adding a domain, due to the error mentioned above from Let’s Encrypt.

Issue 2: Even after the Let’s Encrypt SSL is activated on the site, the site still opens using the server certificate.

Issue 3: The site redirects to non-secure http even after opening via https://. I changed the app URL in my Laravel .env to use https, cleaned and purged the nginx cache, still the behaviour remains the same.

Since the update, I cannot get a single SSL installed and working for any domain.

Ok, after messing with my head for a long time. After adding any new domain, the only way to make /.well_known path work in nginx conf is by Restarting nginx.

Restarting the nginx service worked. It means somewhere in the Hestia script an nginx restart is missing.

At this point, I can’t seem to understand anything. How was Issue 3 solved by a restart? I even tried cleaning the nginx cache by command. And how did “systemctl reload nginx” not work, while restarting the service from the Hestia CP admin panel worked?

Might be an assumption at this point, but everything seems to be working alright after nginx hard restart.

This is confirmed: I have to restart nginx multiple times to install SSL.

Add a new domain.
Restart nginx manually (Let’s encrypt will throw error otherwise)
Apply Let’s Encrypt SSL
Restart nginx again for SSL to work, otherwise it will not work.

I have to restart nginx 2 times in this process.

That should not happen.

Does nginx -t show any problems?

Maybe systemctl reload nginx is taking too much time. Do you have a lot of sites?

No, not many sites. I have a good configuration server.

root@server:/home/sedawk# v-list-users | wc -l
77
root@server:/home/sedawk# 

Every user has 2 sites at most, so you can assume 160 sites approx.

  1. nginx -t shows no problem
    root@server:/home/sedawk# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    root@server:/home/sedawk#
  2. systemctl reload nginx doesn’t take much time

This issue is really bothering me. I have to restart nginx 2 times in order to activate an SSL successfully.

Sounds like a “Too many open files” issue…

Do you have any idea how I could resolve it? My current open files ulimit is set to 1024. Should I increase it?

Currently, in order to apply a certificate, I have to:

  • Add Domain
  • Apply Lets Encrypt Certificate in order to get error “Error: Validation status 400”
  • Restart Nginx manually
  • Add SSL from Let’s Encrypt (This time it will work, but site will still not have ssl applied when opened)
  • Restart Nginx Again
  • Now site will open.

I have to be strict with the above order; only then does it work. If I restart nginx just after adding the domain, no matter how many times, Let’s Encrypt will still give me the validation 400 error due to the /.well-known/acme-challenge path not working.

1024 is low if you have 200 domains

Solved after increasing the open files limit

Where is this file and the entry within where the limit is set to?
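
A way to check the diagnosis reached in this thread (added example, not code from the thread or from Hestia): it compares the nginx master's soft open-file limit with the descriptors it actually holds. The 1024 limit is the one quoted above; the `used*2` threshold, the 700-descriptor sample and the `/run/nginx.pid` path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: does the nginx master have enough open-file headroom?

# Soft "Max open files" limit from a /proc/<pid>/limits-format file.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Number of descriptors currently open, given a /proc/<pid>/fd-style directory.
open_fds() {
    find "$1" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' '
}

# Prints "<limit> <used> <OK|LOW>". LOW when used*2 > limit: an assumed rule of
# thumb that a reload may hold old and new log files/sockets open together.
fd_headroom() {
    local limit used
    limit=$(soft_nofile "$1")
    used=$(open_fds "$2")
    if [ "$limit" = "unlimited" ] || [ $((used * 2)) -le "$limit" ]; then
        echo "$limit $used OK"
    else
        echo "$limit $used LOW"
    fi
}

# Constructed sample: a limits file with the 1024 soft limit from the thread
# and a fake fd directory with 700 entries (made-up figure).
demo_dir=$(mktemp -d)
cat > "$demo_dir/limits" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max processes             15000                15000                processes
EOF
mkdir "$demo_dir/fd"
for i in $(seq 1 700); do : > "$demo_dir/fd/$i"; done
echo "sample: $(fd_headroom "$demo_dir/limits" "$demo_dir/fd")"

# On a live server (run as root), point it at the nginx master instead.
# The pid file path is an assumption; check the "pid" directive in nginx.conf.
if [ -r /run/nginx.pid ] && pid=$(cat /run/nginx.pid) && [ -d "/proc/$pid/fd" ]; then
    echo "live:   $(fd_headroom "/proc/$pid/limits" "/proc/$pid/fd")"
fi
```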