What does mail domain SSL renewals?


I’m trying to work out why the SSL’s are not renewing on a server. The websites work ok, but the mail domains are not renewing. Is it /usr/local/hestia/bin/v-update-letsencrypt-ssl that handles this? Are there any tests I can do to see why its not working?



Yes v-update-letsencrypt-ssl handles it …

It should create a call to v-add-letsencrypt-domain user domain ‘’ yes

Thanks. Does that handle web domains, as well as mail? It doesn’t seem to run anything:

v-add-letsencrypt-domain cybernet foo.net ‘’ yes

If I do:

cd /var/log/hestia
tail -n20 -f *.log

and then run that, I get:

2023-12-01 14:27:12 v-restart-service ‘nginx’ ‘’
2023-12-01 14:27:12 v-restart-service ‘nginx’ ‘’
2023-12-01 14:27:14 v-generate-ssl-cert ‘mail.foo.net’ ‘[email protected]’ ‘US’ ‘California’ ‘San Francisco’ ‘Hestia’ ‘IT’ ‘webmail.foo.net
2023-12-01 14:27:17 v-restart-service ‘dovecot’ ‘updatessl’
2023-12-01 14:27:18 v-restart-service ‘exim4’ ‘updatessl’
2023-12-01 14:27:18 v-update-mail-domain-ssl
2023-12-01 14:27:18 v-add-letsencrypt-domain ‘cybernet’ ‘foo.net’ ‘’ ‘yes’
2023-12-01 14:28:01 v-restart-service ‘apache2’ ‘ssl’
2023-12-01 14:28:03 v-restart-service ‘nginx’ ‘ssl’

(domain replaced :)) … yet the SSL stays the same:


Ok I think I’m making progress. I can see in /usr/local/hestia/data/users/cyber/mail.conf :



So I reset that to 0, and then run again - and it worked this time :slight_smile: Just to make sure others were not affected -I run:

grep -r LETSENCRYPT_FAIL_COUNT /usr/local/hestia/data/users/

Which showed me there were a couple of others that were not working right. So I reset those, and all good now. The issue I think came from when an update run. I have a script I run that “fixes” up the nginx /apache templates to add in the ipv6 listeners, otherwise LE fails. But this time when nginx changed, it changed the “SSL http2” to “SSL”, which broken my script. I fixed that up quickly, but I guess not before the LE stuff had tried to renew and failed multiple times



That would explain why it didn’t run …