Usually, the error: let’s encrypt validation status 400 occurs while installing Let’s Encrypt SSL for domains from the control panel.

Here at Bobcares, we have seen several such SSL related issues as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at the cause for this error and how to fix it.

What causes the error: let’s encrypt validation status 400 to occur

This error occurs when we try to install Let’s Encrypt SSL for domains from the control panel. Now let’s look into the different reasons for this error to occur.

• Incorrectly mentioning the well_known path in /usr/local/vesta/bin/v-add-letsencrypt-domain.
• The domain is not resolving to the correct server IP or it has an improper DNS record.
• There is some connection problem.
• There is no proper $domain variable in “v-add-letsencrypt-domain” file
• “force HTTPS” and “fix HTTP” is enabled in Cloudflare
  Even though a DNS record in the parent zone is present, your zone doesn’t have the correct DNSKEY. As a result, your DNSSEC is broken. This blocks Letsencrypt to find a correct – signed – IP address. It might be due to any changes in the DNS provider. Your old provider might support have supported DNSSEC, whereas your new provider doesn’t.

How we fix the error: let’s encrypt validation status 400

Now let’s see the suggestions our Support Engineers provide to our customers to resolve this error message.

1. Make sure that the well_known path is correct

2. Try re-installing the Control Panel if it is a fresh installation.

3. You would need to allow a connection between the let’s encrypt and server.

4. There must be a proper $domain variable in “v-add-letsencrypt-domain” file

5. Another option to resolve this error is to solve by running the below code:

wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-domain -O $VESTA/bin/v-add-letsencrypt-domain
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-user 1 -O $VESTA/bin/v-add-letsencrypt-user
chmod +x $VESTA/bin/v-add-letsencrypt-domain
chmod +x $VESTA/bin/v-add-letsencrypt-user

6. Try disabling “force HTTPS” and “fix HTTP” in Cloudflare. Below are the steps to do the same.

In Cloudflare Dashboard > Crypto > ‘SSL’ set it to OFF & also set ‘Always use HTTPS’ to OFF

/usr/local/vesta/bin/v-add-letsencrypt-domain user domain > Success!

In Vesta CP > User > Rebuild Web

After the above, wait for 60 seconds and then return CF settings to the previous setting.

7. Add DNSSEC to your domain or you can ask your DNS provider to start an action to remove the DNS in the parent zone.

[Need any assistance in fixing SSL errors? – We’ll help you]

Conclusion

In short, this error occurs while installing Let’s Encrypt SSL for domains from the control panel. Today, we saw the solution to this error.