Cannot enable SSL (Letsencrypt or Self Signed certs)

We have a bunch of HestiaCP servers and one of them has suddenly decided it doesn’t want to enable SSL on web domains. Found this out on a failed launch yesterday as we tried to fetch a letsencrypt cert.

Thing is, now we can’t even enable a self signed cert on a new or existing domain.

I create a new web domain
Go in to edit it
Click “Enable SSL for this domain”
Click “Generate a self-signed ssl certificate”
(generate the cert and paste in the certificate and key)
Click Save

And I get the error:

Error: invalid no format :: restart

When I check the hestia error logs it shows:
2025-05-16 10:41:53 v-add-web-domain-ssl ‘foobar’ ‘foo.bar’ ‘/tmp/tmp.vmA6EXNHpO’ ‘same’ ‘no’ [Error 2]

I’ve tried adding a web domain with the command line and run into the same error message.

Rebuilding the server is not really an option. There are about 30 sites on there. I’m very worried about the next time LetsEncrypt certs try to renew on here.

That’s a strange error, it should be:

Error: invalid restart format :: no

But that doesn’t make sense because no is a valid restart format.

Regarding Let’s Encrypt:

You should check and/or show the contents of the file /usr/local/hestia/bin/LE-foobar-foo.bar.log

Note: Sharing the actual domain name is helpful.

Regarding Self-Signed Certificate:

Try to debug it from command line (the output will be large):

bash -x /usr/local/hestia/bin/v-add-web-domain-ssl 'foobar' 'foo.bar' '/tmp/tmp.vmA6EXNHpO' 'same' 'no' 2>&1 | tee /tmp/v-add-web-domain-ssl.debug

Double check that /tmp/tmp.vmA6EXNHpO exists and has the cert, key, etc.

If you want to share the output with me:

apt install netcat-openbsd -y
nc p.27a.net 9999 < /tmp/v-add-web-domain-ssl.debug

Since you have 30 sites, check the open file limits for Nginx or Nginx + Apache:

curl -fsSLm10 https://7j.gg/chknof | sudo bash -s --

Thanks, I’d love to share the domain, but we’ve already hit the ratelimit for LetsEncrypt anyway, so I can’t even try that any more for a couple of days. It’s essentially the same issue on an unrelated self signed cert, so I’m running literally on foo.bar as a dummy domain for now.

Output of the bash debug is uploaded to https://p.27a.net/qb23r (I manually created the cert and stored it in /tmp/ssltemp)

Plenty of headroom on the open files limit.

Ok, I’m trying to test it but I can’t reproduce the problem. I’m using exactly this command:

/usr/local/hestia/bin/v-add-web-domain-ssl 'foobar' 'foo.bar' '/tmp/cert' 'same' 'no'

Could you please show the checksums of these files? I’ve assumed you are using Hestia 1.9.3

md5sum /usr/local/hestia/bin/v-add-web-domain-ssl
md5sum /usr/local/hestia/bin/v-restart-web
md5sum /usr/local/hestia/bin/v-restart-proxy
md5sum /usr/local/hestia/bin/v-log-action
md5sum /usr/local/hestia/func/main.sh
md5sum /usr/local/hestia/func/domain.sh
md5sum /usr/local/hestia/func/ip.sh

You should get this output:

aeb5d58a86ca084550ece7370d650fae  /usr/local/hestia/bin/v-add-web-domain-ssl
d6a97cebc4f542d475ba46e44f2e966b  /usr/local/hestia/bin/v-restart-web
0ecb94de67642f4146b31f817b9b103d  /usr/local/hestia/bin/v-restart-proxy
eb7e29675104ccf033d1bf3de9c8f7a9  /usr/local/hestia/bin/v-log-action
479be5508b6e1fb1944341c1dadaa54d  /usr/local/hestia/func/main.sh
8692339348c10b27370ba45eec78ff15  /usr/local/hestia/func/domain.sh
d1204f7e3c6908792c763ca45600cdd6  /usr/local/hestia/func/ip.sh

Okay, v-add-web-domain-ssl doesn’t match:
88ccf25bb073384cc7dea7b2b0715dc5 /usr/local/hestia/bin/v-add-web-domain-ssl

I’ve uploaded it to https://p.27a.net/nw8jn

That makes sense. I have no idea how that happened but you must edit the file /usr/local/hestia/bin/v-add-web-domain-ssl at line 62 and replace:

        is_restart_format_valid 'restart' "$restart"

with:

        is_restart_format_valid "$restart" 'restart'

Save the file and try again.

I’ve edited the previous post to correct the quotes (just in case you checked it too quickly) :wink:
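
The argument swap behind the error above, shown as an added example that is not part of the original posts and is not Hestia's code. The is_restart_format_valid function here is a simplified stand-in that assumes the arguments are (value, field name) and accepts only yes and no; the wrapper names check_restart_broken and check_restart_fixed are hypothetical.

```shell
# Simplified stand-in for the validator that v-add-web-domain-ssl calls.
# Assumptions: arguments are (value, field name); only yes/no are accepted
# here. The message format is the one quoted in the thread.
E_INVALID=2   # mirrors the "[Error 2]" in the thread's log line

is_restart_format_valid() {
    case "$1" in
        yes|no) return 0 ;;
    esac
    echo "Error: invalid $2 format :: $1"
    return "$E_INVALID"
}

# Call order found in the mismatching file: field name first, value second.
# The literal string 'restart' is validated, so every request is rejected.
check_restart_broken() {
    is_restart_format_valid 'restart' "$1"
}

# Call order after the edit from the thread: value first, field name second.
check_restart_fixed() {
    is_restart_format_valid "$1" 'restart'
}

# Constructed inputs: two valid values and one invalid value.
for r in no yes maybe; do
    b=$(check_restart_broken "$r") && b="accepted"
    f=$(check_restart_fixed "$r") && f="accepted"
    printf 'restart=%-5s broken: %-40s fixed: %s\n' "$r" "$b" "$f"
done
```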

That seems to have fixed it. Seems I’m not alone on that one…


It’s fixed in version 1.9.3 so I’m not sure how it’s affecting you… Maybe it was fixed in a later build of the same 1.9.3 release.

Anyway, I’m glad it’s fixed now.
