EXIM TLS Key not found

Hi All,

I have an issue with hestiacp and exim when receiving mail.

2020-03-21 12:42:45 TLS error on connection from mail-pf1-f173.google.com[] (cert/key setup: cert=/usr/local/hestia/ssl/certificate.crt key=/usr/local/hestia/ssl/certificate.key): Error while reading file.

Some mail servers only use TLS so cannot receive mail from there.

Found something from vestacp that this should be solved with:

chmod 664 /etc/exim4/domains/$mydomain/aliases

but did not help.

So I know I could fix this with
copying over or symlink Key and Cert from

but that would fix this only for one domain, wouldn’t it?

I have Hestiacp 1.1
Debian Stretch Up2date

I think this problem was already present before upgrading to 1.1

please help



Hi @atomskii

Thanks for your request! I think the easiest way is to run v-add-letsencrypt-host, this will generate a let’s encrypt ssl certificate for you host domain and will also add it to the most common services like exim, dovecot, hestiabackend and vsftp.

Thank you very much for your replay.
v-add-letsencrypt-host did it.

would you be so kind to explain the magic that is happening here, I would like to understand:

is symlinked to

and when I check the certifcate at /home/atom/conf/web/mydomain.at/ssl/mydomain.crt
Its issued for my server FQDN and not mydomain.at

But when I do a Mail deliver test with this: https://www.checktls.com/TestReceiver
The Cert I see there is the correct one for mydomain.at I created with hestiacp, by enableing TLS with Letsencrypt option?

So everything is working like expected, but why? :smiley: