Error: Let's Encrypt validation status 400
-
viaricardo
- Posts: 1
- Joined: Thu Sep 24, 2020 12:42 pm
- Os: CentOS 6x
- Web: apache
Re: Error: Let's Encrypt validation status 400
I will post something that worked for me.
*** Please read it all before start *** Do it at your own risk ***
*** Please read it all before start *** Do it at your own risk ***
*** Please read it all before start *** Do it at your own risk ***
Scenario:
First of all, my setup is a virtual machine with 3 network interfaces behind lan nat and the server need to respond all services on all interfaces. If you are not behind a Firewall NAT, let's assume you have two public ips at your server.
My VestaCP setup is:
VestaCP + Apache + Exim/Dovecot + FTP
Problem:
SSL Error 400 using let's encrypt
Server doesn't respond at all interfaces at same time.
At panel, with any IP configuration, I got a undesirable behaviour, at most of times it answered only at one interface or only one protocol.
Solution:
1) Check if the nat firewall rules are pointing right to your server. You need to do it for all active services ports, at my case it was:
- DNS (53) you could check if it is running with command:
- FTP + SSL (21, 990) check:
- Mail + SSL (25, 110, 143, 465, 587, 993, 995, 2525) check: --and--
- Web + SSL (80, 443) check:
If netstat+grep doesn't respond anything, the service not running could be your problem, so, *THIS POST WILL NOT HELP YOU* unless you fix the service first.
2) To check your firewall configuration from outside, you could check if the ports are open using this tool: https://www.yougetsignal.com/tools/open-ports/
2) BACKUP BEFORE , then edit the Apache Virtual Hosts Files both for 80 and 443 ports:
HTTP:
At first line, it's look like:
Change the IP to an asterisk *, it will looks like:
HTTPS:
At first line, it's look like:
Change the IP to an asterisk *, it will looks like:
3) Restart Apache
4) Go to desired account at VestaCP > WEB and click EDIT, Disable SSL and Let's Encrypt, Save, Enable it again, Save.
That's all worked for me. I hope it helps!
*** Please read it all before start *** Do it at your own risk ***
*** Please read it all before start *** Do it at your own risk ***
*** Please read it all before start *** Do it at your own risk ***
Scenario:
First of all, my setup is a virtual machine with 3 network interfaces behind lan nat and the server need to respond all services on all interfaces. If you are not behind a Firewall NAT, let's assume you have two public ips at your server.
My VestaCP setup is:
VestaCP + Apache + Exim/Dovecot + FTP
Problem:
SSL Error 400 using let's encrypt
Server doesn't respond at all interfaces at same time.
At panel, with any IP configuration, I got a undesirable behaviour, at most of times it answered only at one interface or only one protocol.
Solution:
1) Check if the nat firewall rules are pointing right to your server. You need to do it for all active services ports, at my case it was:
- DNS (53) you could check if it is running with command:
Code: Select all
netstat -plnt |grep namedCode: Select all
netstat -plnt |grep ftpCode: Select all
netstat -plnt |grep eximCode: Select all
netstat -plnt |grep dovecotCode: Select all
netstat -plnt |grep httpd2) To check your firewall configuration from outside, you could check if the ports are open using this tool: https://www.yougetsignal.com/tools/open-ports/
2) BACKUP BEFORE , then edit the Apache Virtual Hosts Files both for 80 and 443 ports:
HTTP:
Code: Select all
/home/--username--/conf/web/--domain--.httpd.conf Code: Select all
<VirtualHost ---some-server-ip---:80>Code: Select all
<VirtualHost *:80>Code: Select all
/home/--username--/conf/web/--domain--.httpd.ssl.confCode: Select all
<VirtualHost ---some-server-ip---:443>Code: Select all
<VirtualHost *:443>Code: Select all
systemctl restart httpdThat's all worked for me. I hope it helps!
Re: Error: Let's Encrypt validation status 400
Remove the alisas and try again. It works for me.
If that doesn't work and restart the server and try again.
If that doesn't work and restart the server and try again.
