Suddenly impossible to get an SSL certificate

Hello,

Everything was working very well, but since today I can’t make a single SSL certificate through Let’s Encrypt. I always get this error:

Error: Let’s Encrypt validation status 400 (myndd.xyz). Details: 403:“2606:4700:3033::ac43:9ab1: Invalid response from http://myndd.xyz/.well-known/acme-challenge/yitJlhx0uhJwgyLEkBuJ7-sWE0hvnI5HL2mDbi0xWsQ: 404”

I don’t understand because I did everything I usually do.

Cloudflare, nameservers, correct IP address. In fact, I automated everything, so it’s impossible that I made an error; it just stopped working suddenly.

Cloudflare is active, my IP is correct, nameservers are correct on my registrar, I tried with/without full/flexible on Cloudflare. It’s just impossible to get a certificate, and it does that on all the new domains I’m trying to add (I haven’t tried on older ones because I’m a bit scared that they wouldn’t work).

Does anyone have an idea?

Thanks and have a nice day!

AFAIK, Let’s Encrypt does not issue IPv6 certificates, only IPv4.

Oh, that’s good to know, is there a way to get back to IPv4? Because it’s the same server, same Cloudflare account, same everything and I’ve been able to make Let’s Encrypt certificates in the past, so something might have changed, but what haha :frowning:

1. Open the sysctl configuration file in a text editor:

sudo nano /etc/sysctl.conf

2. Add the following lines at the end of the file to disable IPv6:

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

3. Apply the changes:

sudo sysctl -p

Just remove the IPv6 DNS records for your domain and you’re fine.

My bad. The DNS record slipped my mind completely.

Thanks for your answer, where can I find that? On Cloudflare I just have an A with IPv4 and a CNAME on www that redirects to the domain name.

In HestiaCP, against the domain name, check the DNS records, remove the IPv6/AAAA record.

Ah, then you’re using Cloudflare, which explains why you got an IPv6 address. Basically this is fine; there seems to be another issue.

As we do not know what fails, you could also use Cloudflare’s own certs: SSL Certificates | Hestia Control Panel

I really think it is a new issue with Hestia, because I “““fixed””” it, it’s my 9th domain name and the only fix I found is:

Try to make the SSL
Reboot VPS
Retry to make the SSL

=

It works without changing anything

Probably a max open files issue, have a look at the search function.

Unfortunately it wasn’t the issue, I still have to reboot every time :frowning: