HestiaCp Log: ‘deleted dns record 25/added CAA dns [email protected]

Hello Friends,

I’m running HestiaCP 1.3.0

I have 15 DNS record form my main hosted domain.

The HestiaCP-logs show something strange happening.

‘deleted dns record 25/added CAA dns [email protected]…’

It never happened before.

This started on 10 Nov 2020 and since then it happening daily.

Below is the screen shot;

Any help assistance and guidance will be helpful.

Can you check the when the certificate expires of the domain

I think failing the renewal of Let encrypt is the issue.

Eris thanks for your reply. Initially I also though so as well. Apparently, it does not seem to be LE-SSL.

The SSL set up was done on the day I shifted on to HestiaCP: Sep 11 12:48:42 2020 GMT

SSL expiry will be: Dec 10 12:48:42 2020 GMT


Renewals start 30 days before expires and seems to be failing.

Please the the following line on line 198 of /usr/local/hestia/bin/v-add-letsencrypt-domain

echo "$user - $domain - $answer" >> "/var/log/hestia/letsencrypt-debug.log"

It should look like:

When that is done run the command:

v-add-letsencrypt-domain user domain.com www.domaim.com

It will mostlikely fail with an error code as:
**Error: Let’s Encrypt xxxxxx **

Then check /var/log/hestia/letsencrypt-debug.log

And share the error here and on GitHub.

Eris, thanks for your reply. I was adding a post on WordPress. Let me finish it and do the steps you suggested. I’ll get back again.

Hello Eris,

I’ve done > sudo nano /usr/local/hestia/bin/v-add-letsencrypt-domain

See my screenshot below;

I’ve highlighted the cursor position on; line 198 highlighted in ‘red’

echo “$user - $domain - $answer” >> “/var/log/hestia/letsencrypt-debug.log”

The above line-item is missing……(see screen shot below;)

Put it between status and the if statement

I was wrong it should line 195

Hello Eris,

I’ve done the steps as you suggested.

And the error message is;

Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

below is the screenshot of error details of /var/log/hestia/letsencrypt-debug.log

On Github, do I put its as and additional ‘comment’ to open ticket https://gist.github.com/jaapmarcus/db87d7d1086608b7e57e1ce57c752a1f#file-gistfile1-txt-L195


Do I open a separate ticket?

Please let me know and I will do so as you advise.

Please add an additional comment.

What happens when you disable fore redirect ssl and try to request the domain again?

Hi Eris,
#1: I have attached all the logs and comment on Github as you advised.

#2: I was not sure what you meant by “What happens when you disable fore redirect ssl and try to request the domain again?”

Do you mean to Disable/Enable cron-script;
sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl


Retry: v-add-letsencrypt-domain admin mydomain.com www.mydomain.com

Disable the second checkbox and then run
v-add-letsencrypt-domain admin mydomain.com www.mydomain.com

Then enable it again

Eris thanks,

#1: Disabled Automatic HTTPS redirection > SAVE

#2: run command ; v-add-letsencrypt-domain admin mydomain.com www.mydomain.com

No error message this time.
Checked Domain SSL Status and it worked as shown below;

LE-Renewal Success

#3. RE-Enabled Automatic HTTPS redirection > SAVE

All good and everything fixed!

Thanks again.

Do you want me to add all these info in the Github-ticket comment?

Please do,

I think we need to investigate what caused the issue

Thanks for confirming anyway :slight_smile:

Thanks Eris,

I just updated the comment on GitHub about steps done today successfully.