No issues were found with domain.com. If you are having problems with creating an SSL certificate, please visit the Let’s Encrypt Community forums and post a question there.
That variable is LETSENCRYPT_FAIL_COUNT and the value is 31, that means it failed to renew the certificate 31 times and max allowed failures are 30 so it is ignoring the domain and it won’t be renewed.
It will be easier to help if you share the actual domain.
If your domains are using Hestia as DNS provider, and bind doesn’t start, yes, that could be the problem.
Regarding bind errors, you should show the entire lines to know what’s going on.
systemctl restart named
systemctl status named --no-pager -l
I forgot to say that if you want to reset to 0 the variable LETSENCRYPT_FAIL_COUNT for all your web and mail domains, you can use this command line:
for i in $(grep -rlE "LETSENCRYPT_FAIL_COUNT='[1-9][0-9]?'" /usr/local/hestia/data/users/); do sed -i "s/LETSENCRYPT_FAIL_COUNT='[1-9][0-9]*'/LETSENCRYPT_FAIL_COUNT='0'/" "$i";done
But don’t reset the count until you fix the root cause or you’ll have issues reaching Let’s Encrypt rate limits.
ubuntu@hcp:~$ sudo systemctl status named --no-pager -l
× named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2024-10-30 04:02:35 UTC; 2min 21s ago
Docs: man:named(8)
Process: 90641 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=1/FAILURE)
CPU: 17ms
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: Failed to start BIND Domain Name Server.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: named.service: Scheduled restart job, restart counter is at 5.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: Stopped BIND Domain Name Server.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: named.service: Start request repeated too quickly.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: named.service: Failed with result ‘exit-code’.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: Failed to start BIND Domain Name Server.
ubuntu@hcp:~$ sudo systemctl status named --no-pager -l
× named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2024-10-30 04:02:35 UTC; 5min ago
Docs: man:named(8)
Process: 90641 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=1/FAILURE)
CPU: 17ms
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: Failed to start BIND Domain Name Server.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: named.service: Scheduled restart job, restart counter is at 5.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: Stopped BIND Domain Name Server.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: named.service: Start request repeated too quickly.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: named.service: Failed with result ‘exit-code’.
Oct 30 04:02:35 hcp.irarabinowitz.com systemd[1]: Failed to start BIND Domain Name Server.
==========================================
Log don’t exist at that location. /var/log/hestia/LE-yourdomain.log
systemctl doesn’t show any relevant error so check the syslog.
sudo grep named /var/log/syslog
or use journalctl
sudo journalctl -u named -l --no-pager --output=short-iso --since=yesterday
But I see your domains are not using Hestia as DNS provider, you are using Namecheap’s DNS servers so that shouldn’t be a problem.
Also, the last time you issued or renewed a certificate was in February…
Reset the fail count and try again to issue or renew a certificate.
sudo su -
for i in $(grep -rlE "LETSENCRYPT_FAIL_COUNT='[1-9][0-9]?'" /usr/local/hestia/data/users/); do sed -i "s/LETSENCRYPT_FAIL_COUNT='[1-9][0-9]*'/LETSENCRYPT_FAIL_COUNT='0'/" "$i";done
sudo for i in $(grep -rlE “LETSENCRYPT_FAIL_COUNT=‘[1-9][0-9]?’” /usr/local/hestia/data/users/); do sed -i “s/LETSENCRYPT_FAIL_COUNT=‘[1-9][0-9]*’/LETSENCRYPT_FAIL_COUNT=‘0’/” “$i”;done
-bash: syntax error near unexpected token `do’
You should not use sudo in front of the for loop, use it exactly as I posted.
First:
sudo su -
And once you are root:
for i in $(grep -rlE "LETSENCRYPT_FAIL_COUNT='[1-9][0-9]?'" /usr/local/hestia/data/users/); do sed -i "s/LETSENCRYPT_FAIL_COUNT='[1-9][0-9]*'/LETSENCRYPT_FAIL_COUNT='0'/" "$i";done
I reset LETSENCRYPT_FAIL_COUNT. Now I got a new error
ubuntu@hcp:~$ sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl
/usr/local/hestia/func/main.sh: line 99: [: dns failed to restart: integer expression expected
/usr/local/hestia/func/main.sh: line 160: exit: dns failed to restart: numeric argument required
But did you enable the use of SSL for that web domain? Because you already issued certificates for web domain staging.agencywoo.com and mail domain mail.agencywoo.com and webmail.agencywoo.com