Unable to set Let's Encrypt for control panel

iqbal · January 23, 2022, 7:32am

Hello,

I failed to set up Let’s Encrypt for control panel

~# v-change-sys-hostname hostname.domain.tld
~# v-add-letsencrypt-host
Error: DNS record for hostname.domain.tld127.0.0.1 doesn’t exist
Error: Let’s Encrypt SSL creation failed

In the page https://hostname.domain.tld:8083/list/web/ there are two domains:

hostname.domain.tld
hostname.domain.tld127.0.0.1

Even though hostname.domain.tld127.0.0.1 was removed from the web list, setting Let’s Encrypt for the control panel also doesn’t work.

Additional information, I’m using Debian 11 with 1GB RAM, 1GB SWAP and 2 CPU Cores which I use for DNS Cluster purposes.

I’ve also tried with different OS, like Ubuntu 18.04 and Ubuntu 20.04. But I experienced the same thing.

eris · January 23, 2022, 8:30am

What happens when you run:

nslookup hostname.domain.ltd

iqbal · January 23, 2022, 11:50am

Thank you for the response. It’s as you asked:

~# nslookup hostname.domain.tld
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: hostname.domain.tld
Address: 01.102.103.104
Name: hostname.domain.tld
Address: 2a01:0ab0:e:0b1::c2d3
Name: hostname.domain.tld
Address: 2b02:c123:456:0ab::123c

Raphael · January 23, 2022, 12:05pm

Be sure to do the nslookup on the hestia host, which has the issue. Also be sure, u dont use any ipv6 records, also, if you use cloudflare, port 8083 isnt supported from them.

iqbal · January 23, 2022, 12:28pm

Currently the ipv6 record does exist at hostname.domain.tld, however I’m not using cloudflare.
I’ll try again installing hestia with another new server, without ipv6 records. I will explain the results here.

Raphael · January 23, 2022, 12:31pm

https://docs.hestiacp.com/admin_docs/web/ssl_certificates.html#error-let-s-encrypt-validation-status-400

iqbal · January 23, 2022, 2:50pm

On another fresh server, before installing hestia I checked ipv6

~# nslookup slave02.domain.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: slave02.domain.com
Address: 01.102.103.104

IPv6 has also been disabled. I think this is also what I need to prevent unwanted communication.

~# nano /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Even i removed the ipv6 line from the file /etc/network/interfaces. But after finished installing hestia, on the control panel page https://slave02.domain.com:8083/list/web/ still loading two webs

slave02.domain.com
slave02.domain.com127.0.0.1

eris · January 23, 2022, 4:02pm

What happens when you run:

hostname in command line?

It sounds like it is as:

slave02.domain.com127.0.0.1

As if it doesn’t exists it will create it…

Also what is the contents of /etc/hosts

iqbal · January 24, 2022, 3:16am

I forgot this file

I removed the slave02.domain.com127.0.0.1 line in the file /etc/hosts, now I can run v-add-letsencrypt-host

Thank you for your response

system · February 23, 2022, 3:16am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.