Hi there, I tried to install hestiacp on both Debian 9 and Ubuntu 18.04
I have a problem moving forward due to this errors when I set Cloudflare to OFF/FULL SSL and disable other https/dns setting
First run: v-add-letsencrypt-domain 'admin' $HOSTNAME '' 'yes'
Reply: Error mail domain does not exist
When i add domain on hestiacp mail domains: (BTW why the domain is not auto added as mail server domain on setup?)
Reply: Error 400 until such time i got Error 429
If i use v-add-letsencrypt-domain 'admin' $HOSTNAME it will successfully issue ssl. but only for the domain listed on web. the mail version of the domain will still be non-ssl and will have error 400-429.
Even i entered a totally different domain, and tried both in CLI and hcp panel. it will still pop up error 400 let encrypt.
It looks like you want to enable a let’s encrypt certificate for the hestia backend service. The cli command has some changes due to the mail ssl expand, this could be the reason you get the error message above of the missing mail domain.
Please check out the new v-add-letsencrypt-host command, it will add you a certificate for the hostname and install it to all services including backend, mail and ftp.
Hi @Raphael, i tried to rebuild my VPS again as Debian 9 using
bash hst-install.sh -v no -k no -s mydomain -e my@email -p password
After reboot,mydomain is not added to the Mail section of hcpanel. I have to manually add it. (Is this the case? I think previous installers automatically register the mydomain as mailserver.)
I ran v-add-letsencrypt-host but only the Web section mydomain is SSLed. Mail section mydomain is still not SSLed.
I also tried to edit mydomain in the Mail section, and manually click Enable/Use LE. Prompt is: Error: Let’s Encrypt validation status 400
Tried using Cloudflare SSL Off, SSL Full, SSL Flexible, Low, Off, Under development, DNS only modes. Still no luck.
No, this is normal, only a web domain will be added - on vesta you had web, dns, mail and db, we reduced this to web only.
This was a missunderstanding, I thought you’re speaking from the backend. For mail you’re on the right way, check what @alber wrote and it should work. We’ve added on the new release a text box with additional informations to prevent any issue.
@Raphael sorry for the confusion, yesterday i was using an old saved note of mine. it was still using v-add-letsencrypt-domain ‘admin’ $HOSTNAME ‘’ ‘yes’ format, the CLI will throw domain not added so i have to add on the web panel. then when i run that code again on cli, its error 400 till error 429… If i do the clicking of SSL in the web panel itself, it still error 400.
but now im following your advise to use v-add-letsencrypt-host no errors on cli, except that my root domain cant be SSLed as mail domain in cli/webpanel , so i will have to try @alber recommendation of making other subdomain.
Just add the mail domain and verify, that both dns record are created as @alber wrote. If you do it, it should work without any issues. Let’s Encrypt Error 400 is mostly a dns or connection issue.
Please do not request for dns, domain names or ip addresses, this are probaly confidential informations and are usualy not needed for resolving the issue.
There should be no need to reinstall the vps, just remove the mail domain and add if needed. Just verify dns settings for mail.domain.tld and webmail.domain.tld are pointing to your ip, like @alber did.
You don’t create a ssl certificate for the root mail domain, you will create a certificate for mail.domain.tld and webmail.domain.tld.
Please remove mail.domain.tld domain and verify the dns records - then request a new certificate for the mail domain (mail → edit domain → check ssl support → check let’s encrypt → save). Infact you’ve got a working certificate for hostname (and backend), this should also work for mail - it’s the same way of certificate verification.
If this not works, please send me a message to [email protected] with Cloudflare and SSH login informations, so we can have a look.
You missunderstood me, you just need to add domain.tld as mail domain, then enable lets encrypt. The system will automatically generate the certs for mail.domain.tld and webmail.domain.tld. Infact you hit the 429 error, which is the max certificate limit, you probaly have to wait a week or change the public ip. But anyway, you still can try to generate the propper cert.
.
