Debian 9 / Ubuntu 18.04 LetsEncrypt Error

Hi there, I tried to install hestiacp on both Debian 9 and Ubuntu 18.04

I have a problem moving forward due to these errors when I set Cloudflare to OFF/FULL SSL and disable other https/dns settings

First run: v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes'
Reply: Error mail domain does not exist

When I add the domain on hestiacp mail domains: (BTW why is the domain not auto added as mail server domain on setup?)
Reply: Error 400 until such time I got Error 429

If I use v-add-letsencrypt-domain 'admin' $HOSTNAME it will successfully issue SSL, but only for the domain listed on web. The mail version of the domain will still be non-SSL and will have error 400-429.

Even when I entered a totally different domain, and tried both in CLI and hcp panel, it will still pop up error 400 Let's Encrypt.

Any help about this?

Hi @simonsoft

It looks like you want to enable a let’s encrypt certificate for the hestia backend service. The cli command has some changes due to the mail ssl expand, this could be the reason you get the error message above of the missing mail domain.

Please check out the new v-add-letsencrypt-host command, it will add you a certificate for the hostname and install it to all services including backend, mail and ftp.

Hi @ScIT, I tried to rebuild my VPS again as Debian 9 using

bash hst-install.sh -v no -k no -s mydomain -e [email protected] -p password

After reboot, mydomain is not added to the Mail section of hcpanel. I have to manually add it. (Is this the case? I think previous installers automatically register the mydomain as mailserver.)

I ran v-add-letsencrypt-host but only the Web section mydomain is SSLed. Mail section mydomain is still not SSLed.

I also tried to edit mydomain in the Mail section, and manually click Enable/Use LE. Prompt is: Error: Let’s Encrypt validation status 400

Tried using Cloudflare SSL Off, SSL Full, SSL Flexible, Low, Off, Under development, DNS only modes. Still no luck.

make sure your dns records are set properly

for example:
webmail.domain.com
mail.domain.com

and they’re pointing to your server ip
I was using Cloudflare and I got the same issues so hopefully it will fix that problem :slight_smile:

2 Likes

No, this is normal, only a web domain will be added - on vesta you had web, dns, mail and db, we reduced this to web only.

This was a misunderstanding, I thought you were speaking of the backend. For mail you’re on the right way, check what @alber wrote and it should work. We’ve added on the new release a text box with additional information to prevent any issue.

@ScIT sorry for the confusion, yesterday I was using an old saved note of mine. It was still using the v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes' format, the CLI will throw domain not added so I have to add it on the web panel. Then when I run that code again on CLI, it's error 400 till error 429… If I do the clicking of SSL in the web panel itself, it's still error 400.

But now I'm following your advice to use v-add-letsencrypt-host: no errors on CLI, except that my root domain can't be SSLed as mail domain in CLI/web panel, so I will have to try @alber's recommendation of making another subdomain.

Did you add your mail domain as “mail.domain.tld”? If yes, this is wrong, just add it as “domain.tld”.

Just add the mail domain and verify that both dns records are created as @alber wrote. If you do it, it should work without any issues. Let’s Encrypt Error 400 is mostly a dns or connection issue.

What is the domain name? Please share a screenshot of your DNS records on Cloudflare.

Please do not request dns, domain names or ip addresses, these are probably confidential information and are usually not needed for resolving the issue.

setup the domain like this

There is no need to hide your ip address, if you don’t hide your domain name - in special mail.yourdomain.tld which points to your real ip :smile:.

1 Like

There should be no need to reinstall the vps, just remove the mail domain and add if needed. Just verify dns settings for mail.domain.tld and webmail.domain.tld are pointing to your ip, like @alber did.

hehehe i’m dumbo :smiley:

I'll be right back, rebuild still pending

put cName -
webmail - @

and try to install the SSL via Panel
by going to mail tab then select the hostname/domain

and click on ‘Edit Mail Domain’

Enable SSL for this domain

remove mail.domain.tld (from MAIL tab) // https://prnt.sc/r731k2

and add the DNS records as I told you

and try to repeat this step again - https://prnt.sc/r731u8

Add CNAME and A Record
mail @ (your server IP)
webmail @ mail.domain.tld

like this and also make sure the webmail and mail subdomains are not being proxied by Cloudflare.

You don’t create a ssl certificate for the root mail domain, you will create a certificate for mail.domain.tld and webmail.domain.tld.

Please remove the mail.domain.tld domain and verify the dns records - then request a new certificate for the mail domain (mail -> edit domain -> check ssl support -> check let’s encrypt -> save). In fact you’ve got a working certificate for hostname (and backend), this should also work for mail - it’s the same way of certificate verification.

If this doesn't work, please send me a message to [email protected] with Cloudflare and SSH login information, so we can have a look.

You misunderstood me, you just need to add domain.tld as mail domain, then enable lets encrypt. The system will automatically generate the certs for mail.domain.tld and webmail.domain.tld. In fact you hit the 429 error, which is the max certificate limit, you probably have to wait a week or change the public ip. But anyway, you still can try to generate the proper cert.

1 Like
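
Several replies in this thread trace the 400 error to mail.domain.tld and webmail.domain.tld not pointing at the server, or still being proxied by Cloudflare. A pre-flight check for that, as an added example that is not from any poster or from Hestia itself; `check_mail_dns`, `RESOLVER`, `sample_resolver` and the documentation-range addresses are assumptions made for illustration:

```shell
#!/bin/sh
# Added example (not part of Hestia): verify the DNS records the mail
# certificate depends on before asking Let's Encrypt again.

# Default resolver: IPv4 addresses for a name via glibc's getent, one per line.
resolve() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# check_mail_dns DOMAIN SERVER_IP
# Returns 0 only if mail.DOMAIN and webmail.DOMAIN each resolve to exactly
# SERVER_IP. Set RESOLVER to another function name to test offline.
check_mail_dns() {
    cmd_domain=$1; cmd_ip=$2; cmd_rc=0
    for cmd_name in "mail.$cmd_domain" "webmail.$cmd_domain"; do
        cmd_addrs=$("${RESOLVER:-resolve}" "$cmd_name")
        if [ -z "$cmd_addrs" ]; then
            echo "FAIL $cmd_name: no A/CNAME record found"
            cmd_rc=1
        elif [ "$cmd_addrs" != "$cmd_ip" ]; then
            # Several or foreign addresses usually mean the name is still
            # proxied by Cloudflare or points at the wrong host.
            echo "FAIL $cmd_name: got $(echo $cmd_addrs), expected $cmd_ip"
            cmd_rc=1
        else
            echo "OK   $cmd_name -> $cmd_ip"
        fi
    done
    return $cmd_rc
}

# Constructed sample data (documentation addresses): mail is DNS-only,
# webmail is still proxied and answers with two edge addresses.
sample_resolver() {
    case $1 in
        mail.example.test)    echo 203.0.113.10 ;;
        webmail.example.test) printf '198.51.100.7\n198.51.100.8\n' ;;
    esac
}

RESOLVER=sample_resolver
check_mail_dns example.test 203.0.113.10 || echo "fix DNS before requesting the certificate"
unset RESOLVER
```

On the server, leave `RESOLVER` unset and pass the real domain and public IP; only enable Let's Encrypt for the mail domain once both lines report OK.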