Unable to get SSL for Hestia CP

Hi, I registered a new domain, installed Ubuntu 22.04 on a new server, created DNS records and installed the latest version of Hestia CP. All works fine except for https because I am unable to get SSL certificate. I can access HTTP hcp.mydomain.xx fine. Did exactly same process in past on other server and it worked flawlessly.

I tried in Hestia CP under admin account
image
but it fails:
image

I tried to reload nginx, also nginx -t shows no problem.

I did search here and on Let’s Encrypt forums but did not find anything that would work for me.

The domain is registered with a local registrar and these are my DNS records:
image

Let’s debug website returned no errors.

This is when checking acme URL:

{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "XXX.XXX.XXX.XXX: Invalid response from http://hcp.mydomain.xx/.well-known/acme-challenge/qKaOjlW_EXLX4rbMvP9vlVIH0mbAODdV2Hxx-1iKNTs: 404",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/186655185057/xxxxxxx",
  "token": "qKaOjlW_EXLX4rbMvP9vlVIH0mbAODdV2Hxx-1iKNTs",
  "validationRecord": [
    {
      "url": "http://hcp.mydomain.xx/.well-known/acme-challenge/qKaOjlW_EXLX4rbMvP9vlVIH0mbAODdV2Hxx-1iKNTs",
      "hostname": "hcp.mydomain.xx",
      "port": "80",
      "addressesResolved": [
        "XXX.XXX.XXX.XXX"
      ],
      "addressUsed": "XXX.XXX.XXX.XXX"
    }
  ],
  "validated": "2022-12-13T09:58:47Z"
}

Also tried to run v-change-sys-hostname and v-add-letsencrypt-host, no luck either.

I really have no idea what could be wrong. Can you advise, please?


Now I created a new web domain (test.mydomain.xx) under my user (not admin) and everything worked, the certificate was issued without a problem. Why is it not possible under admin?

What do you see when you enter:

http://hcp.mydomain.xx/.well-known/acme-challenge/qKaOjlW_EXLX4rbMvP9vlVIH0mbAODdV2Hxx-1iKNTs
in the browser?

this:
image

plus there is no such folder: .well-known

[email protected]:/home/admin/web/hcp.mydomain.xx/public_html# ls -al
total 16
drwxr-x--x 2 admin www-data 4096 Dec 12 21:08 .
dr-xr-x--x 8 admin admin    4096 Dec 12 21:08 ..
-rw-r--r-- 1 admin admin    2897 Dec 12 21:08 index.html
-rw-r--r-- 1 admin admin      66 Dec 12 21:08 robots.txt

We use an custom nginx config found in /home/user/conf/web/domain/nginx.conf_letsencrypt

I assume you use the default template?

Yes, I use default template. Did not change anything there.

image

[email protected]:/home/admin/conf/web/hcp.mydomain.xx# cat nginx.conf_letsencrypt
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.O_oHI5R6CqBgh8knTth7B1NQfki29Anko86buMMsxCc";
}

That should be fine

Good to know. So where else should I look for the cause of this problem?

1 Like

Still having the problem. I deleted the domain created under admin account and created it again under my user (not admin) and SSL certificate was issued no problem.
However when I open the page again (after server restart and browser restart) it still shows the original invalid certificate. Why is not the new certificate used? The old, invalid, certificate was issued Dec 12 and the new one today, ie Dec 20.

image

Run

v-add-letsencrypt-host as root

1 Like

It worked!
Thank you!

1 Like