Since Let’s Encrypt Root Certificate Expiration, FTP connection over TLS was not working anymore even if the host Let’s Encrypt certificate was valid.
The error reported by vsftpd was
Failed to extract certificate trust path
After digging around about this, I found out that it is working when
/usr/local/hestia/ssl/certificate.crt only contain the certificate and not the full chain.
Not sure though about the other implication this could have because it seems that it is also used for exim when mails component are installed.