Let's Encrypt Error: validation status 400 // First Domain is working! Second does not

Hello everyone,

I have set up my first domain with mail service and everything is working. I did the same with a second domain. The domain gets an SSL cert, but SSL generation for the mail service returns a 400 error.

DNS Checker shows that the corresponding mail.* webmail.* subdomains are available worldwide.

Any guess how to fix that? Where can I find the log files?

Thanks in advance, girls and guys!

le400 has been answered so many times here in the forum, please use the search function and/or check our docs: SSL Certificates and Let's Encrypt — Hestia Control Panel documentation


I feel your pain with this problem and thank you for still answering. I followed your FAQ, but it didn't help.

  1. Cloudflare proxy is enabled and SSL is set too strict.
  • No Cloudflare, but HTTP Strict Transport Security (HSTS) is enabled (works for the first domain). I disabled it. Still the same problem.
  2. Nginx / Apache2 is not reloading / Issue with a template
  • What do you mean by reloading? I restarted the server and the services. No changes. Templates are default.
  3. IPv6 is set up. Disable IPv6 in DNS
  • No IPv6 in my DNS.
  4. Wrong / Incorrect template.
  • They are default.

https://letsdebug.net/ tells me everything is fine.

DNS on Netcup:
A @
CNAME mail domain.tld.
CNAME webmail domain.tld.
CNAME www domain.tld.

  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from http://webmail.XXX.de/.well-known/acme-challenge/... [152.XXX.XXX.191]: \"\u003c!DOCTYPE html\u003e\\n\u003chtml lang=\\\"en\\\"\u003e\\n\u003chead\u003e\\n\u003cmeta charset=\\\"UTF-8\\\"\u003e\\n\u003cmeta name=\\\"viewport\\\" content=\\\"width=device-width, initial-scale=\"",
    "status": 403
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/...",
  "token": "...",
  "validationRecord": [
      "url": "http://webmail.XXX.de/.well-known/acme-challenge/...",
      "hostname": "webmail.XXX.de",
      "port": "80",
      "addressesResolved": [
      "addressUsed": "152.XXX.XXX.191"
  "validated": "2022-03-02T14:50:53Z"
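An added example, not part of the thread or of Hestia's code: a small triage for a failed http-01 challenge object like the one in the post above, covering the error type, an HTML body in the detail, and the IPv6 point from the FAQ list. The sample object is constructed with a placeholder host and address, and `triage_http01` and its finding codes are names chosen for this example.

```python
import json

# Constructed sample shaped like the log in the post above (placeholder host and IP).
SAMPLE = json.dumps({
    "type": "http-01",
    "status": "invalid",
    "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": 'Invalid response from http://webmail.example.test/'
                  '.well-known/acme-challenge/TOKEN [203.0.113.10]: '
                  '"<!DOCTYPE html>\\n<html lang=\\"en\\">\\n<head>"',
        "status": 403,
    },
    "validationRecord": [{
        "hostname": "webmail.example.test",
        "addressesResolved": ["203.0.113.10"],
        "addressUsed": "203.0.113.10",
    }],
})

# Hints for http-01 failures, keyed by the last segment of the ACME error URN
# (error types from RFC 8555, section 6.7).
HINTS = {
    "unauthorized": "URL answered, but not with the expected key authorization",
    "connection": "the CA could not connect to the host",
    "dns": "the DNS lookup for the host name failed",
}

def triage_http01(challenge_json):
    """Return (code, explanation) findings for a failed http-01 challenge."""
    ch = json.loads(challenge_json)
    if ch.get("type") != "http-01" or ch.get("status") != "invalid":
        return []
    err = ch.get("error", {})
    kind = err.get("type", "").rsplit(":", 1)[-1]
    findings = [(kind, HINTS.get(kind, "see error.detail"))]
    # error.status is the problem document's own status member (RFC 7807),
    # so it is not read here as the web server's response code.
    detail = err.get("detail", "").lower()
    if "<!doctype html" in detail or "<html" in detail:
        findings.append(("html-body", "an HTML page was served instead of the key authorization"))
    for rec in ch.get("validationRecord", []):
        if ":" in rec.get("addressUsed", ""):
            findings.append(("ipv6-used", f"{rec.get('hostname')} was validated over IPv6"))
        if len(rec.get("addressesResolved", [])) > 1:
            findings.append(("multi-address", f"{rec.get('hostname')} resolves to several addresses"))
    return findings

for code, text in triage_http01(SAMPLE):
    print(f"{code}: {text}")
```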

We will release an update shortly…


OK. I saw this too :wink: I'll just wait for your hotfix and will go on later.

@ScIT Now I tried it again. Everything worked flawlessly after the newest updates :wink: Thanks!
