V-add-letsencrypt-host (Validation Status 400)

Hello guys! How are you?

This is my first time using Hestia, trying to switch from Vesta.

Installed a fresh copy of hestia on a Debian 10 system, a quick and nice installation that worked with no problems.

Now when i tried to add SSL to the panel through the recommended command “v-add-letsencrypt-host” i had this error:

root@myuser:~# v-add-letsencrypt-host
Error: Let’s Encrypt validation status 400. Details:
Error: Let’s Encrypt SSL creation failed

My domain is pointed to the server ip and also added the FQDN as an A record on my domain registrant but keep having this issue, any recommendations?

Hi @xysites

Please consider to use our forum search, there are already a few threads about LE 400: https://forum.hestiacp.com/search?q=validation%20status%20400

You’ll find there a few parts to check and explanations, why a 400 may occure.

Hi @Raphael, already checked those threads, only one guy having a similiar issue than me:

Thing is, i’m not using Cloudflare for my server domain, as i understood, error 400 is due to bad dns configuration, when i installed the HestiaCp, the panel didn’t added the DNS rules automatically like Vestacp, dns and mail are empty, should id add the rules manually for the domain and then try to SSL?

test your dns here https://dnschecker.org/

1 Like

Hi, dns is resolving well, A records, and MX records are showing in Dns records lookup websites.

Tried to do nslookup and this was the output:

root@user:~# nslookup mydomain x.x.x.x
Server: x.x.x.x
Address: x.x.x.x#53

** server can’t find mydomain: REFUSED

Depends how you built up your dns. The only thing I can say is that let’s encrypt works properly and the LE 400 leads to an connection issue - as written in the other posts. Also be sure you’ve removed all ipv6 records, otherwise the validation will also fail.

I know the platform work, just don’t get it, why dns lookup is showing on any sites but hestia don’t recognize it, this is my dns settings, see something strange in it?

Also did “ping” to all the records and all respond to the server ip…
I didn’t set any ipv6 records.

Hestia doesn’t support ipv6 yet. So it should be no issue…

Found a solution! By default Vestacp used to assign my main ip to domains automatically when added to the panel, in this case Hestiacp applied the my local ip provided by te server vendor wich is pretty similar to my main ip, just figured it out watching close in the panel.

Thank you all for your responses!

4 Likes