TLS Error connection Error while reading file


Before i post this issue, i`ve tried all best my knowledge. My server setup :
. Ubuntu 20.04 LTS
. Hestiacp 1.4.14
. Exim 4.93
. Dovecot

SSL Using Public SSL Wildcard. Configuration SSL Successful. and web server running.

incoming mail always late but outgoing always shown error but sent to the aim.

Exim error :

TLS error on connection from [] (cert/key setup: cert={/usr/local/hestia
/ssl/certificate.crt} key={/usr/local/hestia/ssl/certificate.key}): Error while reading file.

Dovecot Error :

Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert

Found this topic,

But solution is using Letsencrypts.

I need to try without letsencrypt first because i`ve own Public SSL.


Found the issue and Solution. after mediation with lot of cigarettes and coffee.

Generate TLS

sudo /usr/share/doc/exim4-base/examples/exim-gencert

it will generate crt and key, so, i copy my ssl with same directory that crt.
owner : root
group : mail

Small impact big changes.

editing /etc/exim4/conf.d/main/03_exim4-config_tlsoptions and adding the following:

Second, configure Exim4 to use the saslauthd for authentication by editing /etc/exim4/conf.d/auth/30_exim4-config_examples and uncomment the plain_saslauthd_server and login_saslauthd_server sections:

   driver = plaintext
   public_name = PLAIN
   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
   server_set_id = $auth2
   server_prompts = :
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   # don't send system passwords over unencrypted connections
   server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
   server_set_id = $auth1
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

sudo chown root:Debian-exim /etc/exim4/passwd
sudo chmod 640 /etc/exim4/passwd



I have a similar problem.

Ubuntu 18.04
Hestia CP 1.4.14

When I create a mail domain, no certificate link is created under /usr/local/hestia/ssl/mail.

The certificate is generated under /home/%user%/conf/%domain%/ssl.

The result:
When sending, the server certificate is used, but not by the individual domain.

The error does not occur under Debian 10.

Best regards


Corrective action: Delete all SSL certificates and then create new ones.

Did you restored from a backup?

No. It is therefore surprising that the certificates were gone.

I assume that you updated from 1.4.12 or before to directly 1.4.14?

But the force rebuild should fixed the issue.

I see now that the force rebuild is missing

We really need to improve this rebuilding part…

No, it was an update from 1.4.2 to version 1.4.14.

Then you had the same issue. It will indeed explain the issue…

We need to improve and set certain conditions per version:

like i explain above, my solution,

  1. Generate crt from exim4, than copy a own ssl to directory installed the exim4 crt,
  2. Rename own ssl into exim4 crt
  3. restart exim service


As told v-rebuild-mail-domains should solve the issue

It is a bug in our update system…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.