Problem when trying to add Let's Encrypt to Email

Today, I tried to activate email ssl to domain name, but when I select add ssl and use Let’s Encrypt it loads but freezes and it blocks me to use hestiacp again until I restart the vps server
Please help

Hi @masterdz,

Check that you have enough free space:

df -h

You should also check the log files:

/var/log/hestia/error.log
/var/log/hestia/nginx-error.log

You could also try to issue the certificate from command line (as user root):

Note: In this example I will use masterdz as your user and example.com as your domain. Check that you have already created these DNS A records pointing to your server’s ip ( mail.example.com and webmail.example.com) before executing this command:

v-add-letsencrypt-domain masterdz example.com '' yes

And show the output.

1 Like

Thank you for the help sir
here is the volume check:

Filesystem      Size  Used Avail Use% Mounted on
udev            3.9G     0  3.9G   0% /dev
tmpfs           795M  8.7M  786M   2% /run
/dev/sda3       194G  8.1G  176G   5% /
tmpfs           3.9G  1.2M  3.9G   1% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sda2       2.0G  216M  1.7G  12% /boot
tmpfs           795M     0  795M   0% /run/user/0

But when I try to check the log file I get this:
-bash: /var/log/hestia/error.log: Permission denied
I think because I changed the ssh port ? I’m using ssh via root user name

This is what I get in the log

2023-12-22 12:20:15 v-add-user-sftp-jail  'syslog' 'no' [Error 3]
2023-12-22 12:20:15 v-add-user-sftp-jail  'syslog' 'no' [Error 3]
2023-12-22 12:32:04 v-add-letsencrypt-user  [Error 1]
2023-12-22 12:32:18 v-add-letsencrypt-user  'winakol.com' [Error 3]
2023-12-22 12:34:38 v-add-user-sftp-jail  'syslog' 'no' [Error 3]
2023-12-22 12:34:38 v-add-user-sftp-jail  'syslog' 'no' [Error 3]

Ok, you have a lot of free space.

Did you execute that command manually or do you have a user with name winakol.com?

What about the other log and the command I said you should execute manually to add the cert?

Hello, sorry, this is the ngix log
2023/12/22 12:47:23 [error] 1143#0: *8 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 41.200.180.14, server : _, request: “POST /edit/mail/?domain=winakol.com&token=da03875e35cfd0278850ded 8e51dbc35 HTTP/2.0”, upstream: “fastcgi://unix:/run/hestia-php.sock”, host: “cp. winfood.store:8083”, referrer: “https://cp.winfood.store:8083/edit/mail/?domain= winakol.com&token=da03875e35cfd0278850ded8e51dbc35”
2023/12/22 12:57:54 [error] 1143#0: *10 upstream timed out (110: Connection time d out) while reading response header from upstream, client: 197.207.204.231, ser ver: _, request: “POST /edit/mail/?domain=winakol.com&token=da03875e35cfd0278850 ded8e51dbc35 HTTP/2.0”, upstream: “fastcgi://unix:/run/hestia-php.sock”, host: " cp.winfood.store:8083", referrer: “https://cp.winfood.store:8083/edit/mail/?doma in=winakol.com&token=da03875e35cfd0278850ded8e51dbc35”

and I used the automatic Let’s Encrypt process, but it keeps loading and prevent me to use the hestiacp panel until I restart it via SSH :confused:

Do you have enough memory?

free -m

After a couple of minutes you should try to press F5 or Ctrl + R in your browser.

Anyways, try to add the certificate via command line as I said in my previous post:

v-add-letsencrypt-domain YourUser YourDomain.tld '' yes

Memory is good

root@cp:~# free -m
              total        used        free      shared  buff/cache   available
Mem:           7945        1768        5476          28         700        5906
Swap:             0           0           0

I tried the manual method but nothing happens it’s like freezing, I think Let’s Encrypt website banned my domain name to request new certificate again :confused:

That’s not something that Let’s Encrypt does. It is certainly possible that you exceeded their rate limits though. You may find details on your logs.

Specifics on the rate limits can be found here.

1 Like

What means nothing happens? It ends and no output? It doesn’t end?

The domain you are trying is winakol.com ?

You can try to debug the command:

Replace YourUser and YourDomain.tld with the actual data

bash -x /usr/local/hestia/bin/v-add-letsencrypt-domain YourUser YourDomain.tld '' yes
1 Like

@linkp you are right, I tried to issue a certificate for its domain (webmail and mail subdomains) and Let’s Encrypt is not allowing to issue a new one because it reached the limit of 5 certificates for the same subset of domains.

Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: mail.winakol.com,webmail.winakol.com, retry after 2023-12-23T05:02:10Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
  "status": 429

@masterdz

Please, show the output of these commands because maybe your certs are already there:

Replace YourUser and YourDomain.tld with the actual data.

ls -l /usr/local/hestia/data/users/YourUser/ssl/
ls -l /home/YourUser/conf/mail/YourDomain.tld/ssl/
1 Like

Yes, As I thought about, here are the results of those 2 command lines
root@cp:~# ls -l /usr/local/hestia/data/users/user/mail/
total 44

-rw-rw---- 1 root root 217 Dec 22 14:08 winakol.com.conf
-rw-rw---- 1 root root 891 Dec 22 12:19 winakol.com.pem
-rw-rw---- 1 root root 272 Dec 22 12:19 winakol.com.pub
root@cp:~# ls -l /home/user/conf/mail/winakol.com/ssl/
total 0

I edited my last post, the first dir is:

ls -l /usr/local/hestia/data/users/YourUser/ssl/

Yes, here is the result:
root@cp:~# ls -l /usr/local/hestia/data/users/user/ssl/
total 128
-rw-rw---- 1 root root 857 Dec 15 20:41 le.conf
-rw------- 1 root root 3243 Dec 15 20:41 user.key
-rw-rw---- 1 root root 3750 Dec 17 11:30 winakol.com.ca
-rw-rw---- 1 root root 2126 Dec 17 11:30 winakol.com.crt
-rw-rw---- 1 root root 3243 Dec 17 11:30 winakol.com.key
-rw-rw---- 1 root root 5877 Dec 17 11:30 winakol.com.pem

Ok.

For some weird reason, issuing a certificate from Web UI is hanging, the certificate is issued by Let’s Encrypt but Hestia didn’t complete to save the cert and configure it for your domain. Why? I’ve no idea.

If you want to try again, try it tomorrow 2023-12-23 from 05:02:10 GMT using the command line.

Yes, that’s the problem,
Ok sir I will try tomorrow and tell you the result
thank you so much for the help

1 Like

THanks a lot Mr linkp
yes I am sure I reached the limits, I will check the logs

1 Like

In addition to certificates issued, there are also limits for failed attempts and pending authorizations.

You may want to test using the Let’s Encrypt staging CA. Just remember to switch back to the production CA once you know everything should be working since the Staging CA certificates are not trusted.

1 Like