Re: Error: Let's Encrypt validation status 400

Posted: Wed Oct 21, 2020 2:03 pm
by viaricardo
I will post something that worked for me.

*** Please read it all before you start *** Do it at your own risk ***
*** Please read it all before you start *** Do it at your own risk ***
*** Please read it all before you start *** Do it at your own risk ***


Scenario:
First of all, my setup is a virtual machine with 3 network interfaces behind a LAN NAT, and the server needs to respond for all services on all interfaces. If you are not behind a firewall NAT, let's assume you have two public IPs on your server.
My VestaCP setup is:
VestaCP + Apache + Exim/Dovecot + FTP

Problem:
SSL Error 400 using Let's Encrypt
Server doesn't respond on all interfaces at the same time.
In the panel, with any IP configuration, I got undesirable behaviour; most of the time it answered only on one interface or only one protocol.

Solution:
1) Check that the NAT firewall rules are pointing correctly to your server. You need to do this for all active service ports; in my case they were:
- DNS (53): you could check if it is running with the command:

Code:
netstat -plnt | grep named

- FTP + SSL (21, 990), check:

Code:
netstat -plnt | grep ftp

- Mail + SSL (25, 110, 143, 465, 587, 993, 995, 2525), check:

Code:
netstat -plnt | grep exim

--and--

Code:
netstat -plnt | grep dovecot

- Web + SSL (80, 443), check:

Code:
netstat -plnt | grep httpd

If netstat+grep doesn't return anything, the service not running could be your problem, so *THIS POST WILL NOT HELP YOU* unless you fix the service first.

2) To check your firewall configuration from outside, you could check if the ports are open using this tool: https://www.yougetsignal.com/tools/open-ports/

2) BACKUP BEFORE, then edit the Apache virtual host files for both ports 80 and 443:
HTTP:

Code:
/home/--username--/conf/web/--domain--.httpd.conf

The first line looks like:

Code:
<VirtualHost ---some-server-ip---:80>

Change the IP to an asterisk *; it will look like:

Code:
<VirtualHost *:80>

HTTPS:

Code:
/home/--username--/conf/web/--domain--.httpd.ssl.conf

The first line looks like:

Code:
<VirtualHost ---some-server-ip---:443>

Change the IP to an asterisk *; it will look like:

Code:
<VirtualHost *:443>

3) Restart Apache

Code:
systemctl restart httpd

4) Go to the desired account at VestaCP > WEB and click EDIT, Disable SSL and Let's Encrypt, Save, Enable it again, Save.


That all worked for me. I hope it helps!

Re: Error: Let's Encrypt validation status 400

Posted: Mon Jan 18, 2021 10:14 am
by inazeem
Remove the aliases and try again. It works for me.

If that doesn't work, restart the server and try again.

Re: Error: Let's Encrypt validation status 400

Posted: Wed Dec 08, 2021 9:51 pm
by Leonard
inazeem wrote:
Mon Jan 18, 2021 10:14 am
Remove the aliases and try again. It works for me.

If that doesn't work, restart the server and try again.
Worked for me, thanks!