".well-known/acme-challenge" missing

I try to install Let’s encrypt certificate, but it fails. I checked with https://letsdebug.net/ and it says there is no problem with de domain, but
http://#########/.well-known/acme-challenge/letsdebug-test returns 404
and
acme: error code 403 "urn:ietf:params:acme:error:unauthorized": Invalid response from http://#########/.well-known/acme-challenge/54-Kp_rhyLpHicKP0POXWykSAgs############
It is a clean hestia installation. Do I need any additional package to get a certificate?

Just discovered at some point I changed the https port to 8443 (netstat -tulpn helped). Now I need to find how to undo the change…

After editing ports in /usr/local/hestia/conf/hestia.con and editing all files in /etc/apache2/conf.d/* to listen ports 80 and 443; now apache is listening to 443, but let’s encrypt continues to fail. I checked in forum (and also at let’s encrypt forum) but could’nt find anything usefull. Any hint is wellcome.

Thanks

I discovered an error in my router NAT for 443, after correcting it, I could open a remote connection to port 443.
I decided maybe my changes weren’t necessary, so I reverted everything, and now nobody listens to port 443:

[email protected]:/etc/apache2/conf.d# netstat -tulpn | grep nginx
tcp        0      0 192.168.1.7:80          0.0.0.0:*               LISTEN      862171/nginx: maste 
tcp        0      0 172.18.0.1:80           0.0.0.0:*               LISTEN      862171/nginx: maste 
tcp        0      0 172.17.0.1:80           0.0.0.0:*               LISTEN      862171/nginx: maste 
tcp        0      0 0.0.0.0:8083            0.0.0.0:*               LISTEN      840616/nginx: maste 
tcp        0      0 127.0.0.1:8084          0.0.0.0:*               LISTEN      862171/nginx: maste 
[email protected]:/etc/apache2/conf.d# netstat -tulpn | grep apache
tcp        0      0 192.168.1.7:8443        0.0.0.0:*               LISTEN      861346/apache2      
tcp        0      0 172.18.0.1:8443         0.0.0.0:*               LISTEN      861346/apache2      
tcp        0      0 172.17.0.1:8443         0.0.0.0:*               LISTEN      861346/apache2      
tcp        0      0 192.168.1.7:8080        0.0.0.0:*               LISTEN      861346/apache2      
tcp        0      0 172.18.0.1:8080         0.0.0.0:*               LISTEN      861346/apache2      
tcp        0      0 172.17.0.1:8080         0.0.0.0:*               LISTEN      861346/apache2      
tcp        0      0 127.0.0.1:8081          0.0.0.0:*               LISTEN      861346/apache2      
[email protected]:/etc/apache2/conf.d# 

Should listen to it apache2 or nginx?

nginx should listen on port 443

I have experience with apache2 and cPanel, but I am a newbie with nginx. Which files should I check?

/etc/nginx/nginx.conf

But Unless you have changed something it should work out of the box

I think letsencrypt authenticates over port 80. If you have the nginx+apache config, then the relevant config is in
/home/user/conf/web/domain.com/nginx.conf_letsencrypt

location ~ "^/\.well-known/acme-challenge/(.*)$" {
    default_type text/plain;
    return 200 "$1.MKK40wr0blah_OYoJdblah";
}

Which basically says, “if someone asks for something in .well-known/acme-challenge, send them back this string”

1 Like

did you restart nginx/reboot after you undid your changes and opened the firewall?

I checked

and then /home/admin/conf/web/mydomain.com/nginx.conf:

server {
    listen      172.18.0.1:80;
    server_name mydomain.com ;

    include /home/admin/conf/web/mydomain.com/nginx.forcessl.conf*;

    location / {
        proxy_pass      http://172.18.0.1:80;
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|exe|pdf|doc|xls|ppt|txt|odt|ods|odp|odf|tar>
            root           /home/admin/web/mydomain.com/public_html;
            access_log     /var/log/apache2/domains/mydomain.com.log combined;
            access_log     /var/log/apache2/domains/mydomain.com.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/admin/web/mydomain.com/document_errors/;
    }

    location @fallback {
        proxy_pass      http://172.18.0.1:80;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include /home/admin/conf/web/mydomain.com/nginx.conf_*;
}

I don’t see anywhere port 443; so I believe I am missing some piece of configuration

I tried to enable SSL for the main domain, but I can’t neither using let’s encrypt nor generating a new one.

Enable it using a self signed certificate should always work. Whats the error message if you try it?

Using web interface, when I click to create certificate, it open a window and create a certificate, but it is not filled in the text areas. I copy all the info and try to paste it in the correct text areas, but it complains it is invalid.

that sounds weird, basicly you should be able to copy and past every certiifcate you want, you just need a certificate and the key - there is no validation process if you add it. Just something like that here: https://www.selfsignedcertificate.com/

Checked again, error is:
Error: SSL intermediate chain is not valid
Using default values. I want to use Let’s encrypt, so this certificate will be changed as soon as possible.
I haven’t created a DNS entry, I am using a dynamic domain from afraid.org

EDIT: The error log contains:

2020-10-30 18:27:43 v-add-web-domain-ssl  'admin' 'mydomain.com' '/tmp/tmp.tQjOwTvHvV' 'same' 'no' [Error 3]

When installing, I had some problems because some other services installed in my server where already using some hestia ports. I changed the other services.

Ok, that you should have posted as first… Hestia needs to be installed on a CLEAN server, please use a new one, if you will be still able to reproduce the issue, we will help you for sure.

Installing a new server is not an option, my home server already has many services running… I will go the hard way of trying to solve this issue, or try another panel if I cannot make it work.
Sorry for not commenting this at first, and thanks for your time