
LetsEncrypt status 400

Open anujgakhar opened this issue 4 years ago • 10 comments

Operating System (OS/VERSION):

Ubuntu 18.04

VestaCP Version:

0.9.8 release 26

Installed Software (what you got with the installer):

apache and Iptables

Steps to Reproduce:

Added a domain, but I changed the DocumentRoot (via a separate web template) to add %docroot%/Site to the end.

Now when I try to add an LE cert, I see error status 400. I think it might be because the .well-known folder gets created inside the public_html folder whereas my domain's document root is public_html/Site, so LE can't validate. I also tried changing the DocumentRoot to public_html, but then it throws a validation timeout error.

How do I go around fixing this, any ideas?

anujgakhar avatar Mar 13 '20 21:03 anujgakhar

This line of code in v-add-letsencrypt-domain

well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"

This line should pick $docroot from the config file rather than hard-coding it, right?

@serghey-rodin

anujgakhar avatar Mar 16 '20 13:03 anujgakhar
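
The mismatch described in the two comments above (challenge files written under public_html while Apache serves public_html/Site) can be checked before requesting a certificate. The following is an added example, not part of the thread or of VestaCP: the function names and the sample vhost are constructed, and it assumes the vhost has a single DocumentRoot without spaces and no Alias for /.well-known.

```shell
#!/usr/bin/env bash
# Added example: compare the directory a hard-coded challenge path points at
# with the DocumentRoot that Apache actually serves for the vhost.

# Print the first DocumentRoot directive of an Apache vhost file, quotes stripped.
vhost_docroot() {
    awk 'tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed only if the challenge directory sits directly under the served docroot,
# so that http://<domain>/.well-known/... maps onto it.
challenge_dir_served() {
    local docroot="${1%/}" well_known="${2%/}"
    [ "$well_known" = "$docroot/.well-known" ]
}

# Print "ok", "mismatch <directory the web server would serve>" or "no-docroot".
check_vhost() {
    local conf="$1" well_known="$2" docroot
    docroot="$(vhost_docroot "$conf")"
    if [ -z "$docroot" ]; then
        echo "no-docroot"; return 2
    fi
    if challenge_dir_served "$docroot" "$well_known"; then
        echo "ok"
    else
        echo "mismatch ${docroot%/}/.well-known"; return 1
    fi
}

# Constructed sample: a vhost whose template appends /Site to the docroot.
sample_conf="$(mktemp)"
printf '%s\n' \
    '<VirtualHost 192.0.2.10:80>' \
    '    ServerName example.com' \
    '    DocumentRoot /home/admin/web/example.com/public_html/Site' \
    '</VirtualHost>' > "$sample_conf"
check_vhost "$sample_conf" /home/admin/web/example.com/public_html/.well-known || true
rm -f "$sample_conf"
```

A "mismatch" result means the validation request for the challenge file will not find it, whatever the ACME client wrote to disk.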

bugfix = https://github.com/serghey-rodin/vesta/pull/1981

Or

sed -i 's/-gt 10/-gt 20/g' /usr/local/vesta/bin/v-add-letsencrypt-domain;
sed -i 's/sleep 1/sleep 2/g' /usr/local/vesta/bin/v-add-letsencrypt-domain;
sed -i "/sleep 5/d" /usr/local/vesta/bin/v-add-letsencrypt-domain;
sed -i 's#validation=\x27pending\x27#validation=\x27pending\x27\nsleep 5#g' /usr/local/vesta/bin/v-add-letsencrypt-domain;

And done!

carlosfriascf avatar Mar 18 '20 05:03 carlosfriascf

@carlosfriascf this has nothing to do with the le 400 error that @anujgakhar has in this issue...

ScIT-Raphael avatar Mar 18 '20 07:03 ScIT-Raphael

@carlosfriascf this has nothing to do with the le 400 error that @anujgakhar has in this issue...

@ScIT-Raphael this solves the actual timeout error mentioned in the report.

carlosfriascf avatar Mar 18 '20 15:03 carlosfriascf

@carlosfriascf yup, you're right

ScIT-Raphael avatar Mar 18 '20 15:03 ScIT-Raphael

Same 400 error

Debian 9.12 nothing helps

rasdotsu avatar Apr 05 '20 16:04 rasdotsu

One of the causes of the error is if you have redirected HTTP requests to HTTPS. I disabled my redirect and it worked.

kapkory avatar Apr 12 '20 13:04 kapkory

Do you have Cloudflare enabled? I'm having the same problem where I have to turn off CF's proxy in order to pass that validation. How can we get that 400 error fixed? I don't know where to look.

dvgui avatar Apr 19 '20 20:04 dvgui

I have resolved it. It was caused by a DNS problem: the bind service was down.

systemctl status bind9
Aug 09 17:22:30 wyi named[14633]: /etc/bind/named.conf.options:21: unknown option '-validation'

Just comment out this line.

It is OK now.

snsnsjsn avatar Aug 09 '20 09:08 snsnsjsn

Comment out the return 301 line in the nginx config file. L.E. cannot access well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known" because you are forcing HTTPS. It is looking at HTTP, so you get a validation error. Disable forcing from HTTP to HTTPS and then try to renew the certificate. 80% of the time you will succeed if there is no other reason.

Change the nginx port 80 config from

server {
    listen      111.22.2.111:80;
    server_name domain.com www.domain.com;
    return 301 https://domain.com$request_uri;
    root        /home/user/web/domain.com/public_html;
    index       index.php index.html index.htm;
...
}

to

server {
    listen      111.22.2.111:80;
    server_name domain.com www.domain.com;
    #return 301 https://domain.com$request_uri;
...
}

Then try to renew the certificate.

ayyilmaz avatar Aug 23 '20 13:08 ayyilmaz