SSL security error

Hello, can you help me with an SSL certificate problem, please?

It is delivering this error:
SSL security error.
The server returned the error “SSL error: Leaf certificate is expired”

Can you test your domain at https://ssl-tools.net/mailservers and let me know the results?

We can not guarantee a secure connection to the mailservers of servpc.cl!

Please contact the operator of servpc.cl and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/servpc.cl

Servers

Incoming Mails

These servers are responsible for incoming mails to @servpc.cl addresses.

| Hostname / IP address | Priority | STARTTLS | Certificates | Checks | Protocol | Last checked |
|---|---|---|---|---|---|---|
| mail.servpc.cl, 2600:3c02::f03c:92ff:fe77:85d1 (results incomplete) | 10 | | not checked | DANE: missing; PFS: not checked; Heartbleed: not checked; Weak ciphers: not checked | | 3 minutes ago (1 s) |
| mail.servpc.cl, 45.79.196.36 | 10 | supported | mail.servpc.cl | DANE: missing; PFS: supported; Heartbleed: not vulnerable; Weak ciphers: not found | TLSv1.2, TLSv1.1, TLSv1.0, SSLv3 | 3 minutes ago (7 s) |

Outgoing Mails

We have not received any emails from a @servpc.cl address so far.

Certificates

First seen at: 8 minutes ago

CN=mail.servpc.cl

Certificate chain

Subject

Common Name (CN)

  • mail.servpc.cl

Alternative Names

  • mail.servpc.cl
  • webmail.servpc.cl

Your certificate expired 2 days ago. Can you run v-update-letsencrypt-ssl and try again?

Also check if you have a cron setup for it.

When executing v-update-letsencrypt-ssl, it gives the following error:
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending.

If it is created in cron
sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl

Disable force ssl


How do I do that?
v-update-letsencrypt-ssl Disable force ssl?

Keep coming out:
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

This should usually not be an issue, as Let's Encrypt ignores expired SSL certs.

But you can give it a try:

Another issue could be that nginx has an issue reloading the config.
SSH into your box and run “service nginx restart” without the quotes and see if it comes back up without issues.

-Dennis

I did the image on all accounts and there were no changes.
I also restarted nginx and everything remains the same.
v-update-letsencrypt-ssl
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

Take a look at the logs. At what step does it complain?

I just saw something here, have you added your ipv6 to this domain in hestia? Let’s Encrypt might look at the ipv6 and nothing is listening on that ipv6.




@Dennis is right, remove ipv6 from the DNS records and it should work fine…

We should really work on ipv6 support…


This came to me today:

Cron [email protected] sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl

/etc/profile: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: Resource temporarily unavailable
Error: DNS record for cisiem.com doesn’t exist

And it is repeated for each of the hosted domains (16).

In Hestia I have not added ipv6.

You have this set up at your domain registrar. You will have to change it with them.


The image shows the IPs on the Linode server.
Which ones should I delete?

Hi there,

I would go ahead with disabling all ipv6 records for this domain.

-Dennis

Thanks for all the help you have given me.

I deleted all IPv6 and ran v-update-letsencrypt-ssl again,
and the error continues:
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

Usually a record has a validity of 3600 seconds. So give it an hour and then try again. It is still showing that ipv6 for me.

-Dennis
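
The check suggested in the replies above (a published IPv6 record with nothing listening behind it), as an added example that is not part of the original thread or of Hestia's own code: it resolves every A and AAAA record of a host and tries a TCP connection to each one on the validation port. The function names are hypothetical, and the built-in sample data is constructed from the two addresses shown in the scan earlier in the thread.

```python
import socket
import sys


def resolve(host, port=80):
    """Return sorted (family, address) pairs for every A/AAAA record of host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({("IPv6" if fam == socket.AF_INET6 else "IPv4", sa[0])
                   for fam, _type, _proto, _canon, sa in infos})


def can_connect(address, port=80, timeout=5.0):
    """True if a TCP connection to address:port succeeds within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def unreachable_addresses(host, port=80, resolver=resolve, connector=can_connect):
    """List the published addresses of host that accept no connection on port."""
    return [(fam, addr) for fam, addr in resolver(host, port)
            if not connector(addr, port)]


def verdict(host, port=80, resolver=resolve, connector=can_connect):
    """One FAIL line per dead address, or a single OK line."""
    dead = unreachable_addresses(host, port, resolver, connector)
    if not dead:
        return [f"OK: every published address of {host} answers on port {port}"]
    return [f"FAIL: {host} publishes {fam} address {addr} but nothing answers "
            f"on port {port}; fix the listener or remove the record"
            for fam, addr in dead]


if __name__ == "__main__":
    if len(sys.argv) > 1:   # live check against real DNS: python3 check.py <host>
        lines = verdict(sys.argv[1])
    else:                   # constructed sample, runs without network access
        sample = [("IPv4", "45.79.196.36"),
                  ("IPv6", "2600:3c02::f03c:92ff:fe77:85d1")]
        lines = verdict("mail.servpc.cl",
                        resolver=lambda h, p: sample,
                        connector=lambda a, p: ":" not in a)
    print("\n".join(lines))
```

Run the live check from a machine that has working IPv6 itself, otherwise every AAAA address is reported as dead; after removing a record, the old answer can persist until its TTL runs out, as noted in the reply above.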

Today I got this email:

Cron [email protected] sudo /usr/local/hestia/bin/v-update-sys-queue disk

With this message:
/etc/profile: fork: retry: Resource temporarily unavailable