What does mail domain SSL renewals?

Hi,

I’m trying to work out why the SSLs are not renewing on a server. The websites work OK, but the mail domains are not renewing. Is it /usr/local/hestia/bin/v-update-letsencrypt-ssl that handles this? Are there any tests I can do to see why it’s not working?

Thanks

Andy

Yes v-update-letsencrypt-ssl handles it …

It should create a call to v-add-letsencrypt-domain user domain '' yes

Thanks. Does that handle web domains, as well as mail? It doesn’t seem to run anything:

v-add-letsencrypt-domain cybernet foo.net '' yes

If I do:


cd /var/log/hestia
tail -n20 -f *.log

and then run that, I get:

2023-12-01 14:27:12 v-restart-service 'nginx' ''
2023-12-01 14:27:12 v-restart-service 'nginx' ''
2023-12-01 14:27:14 v-generate-ssl-cert 'mail.foo.net' '[email protected]' 'US' 'California' 'San Francisco' 'Hestia' 'IT' 'webmail.foo.net
2023-12-01 14:27:17 v-restart-service 'dovecot' 'updatessl'
2023-12-01 14:27:18 v-restart-service 'exim4' 'updatessl'
2023-12-01 14:27:18 v-update-mail-domain-ssl
2023-12-01 14:27:18 v-add-letsencrypt-domain 'cybernet' 'foo.net' '' 'yes'
2023-12-01 14:28:01 v-restart-service 'apache2' 'ssl'
2023-12-01 14:28:03 v-restart-service 'nginx' 'ssl'

(domain replaced :)) … yet the SSL stays the same:

OK, I think I’m making progress. I can see in /usr/local/hestia/data/users/cyber/mail.conf:

LETSENCRYPT_FAIL_COUNT='31'

So I reset that to 0, and then ran it again - and it worked this time :) Just to make sure others were not affected, I ran:

grep -r LETSENCRYPT_FAIL_COUNT /usr/local/hestia/data/users/

Which showed me there were a couple of others that were not working right. So I reset those, and all good now. The issue I think came from when an update ran. I have a script I run that “fixes” up the nginx/apache templates to add in the IPv6 listeners, otherwise LE fails. But this time when nginx changed, it changed the “SSL http2” to “SSL”, which broke my script. I fixed that up quickly, but I guess not before the LE stuff had tried to renew and failed multiple times.

Cheers

Andy

That would explain why it didn’t run …
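
Added example, not part of the original thread and not Hestia's own code: a per-domain version of the grep check above that lists only the domains whose LETSENCRYPT_FAIL_COUNT is non-zero (or at least a given threshold), covering both web.conf and mail.conf. It assumes each domain is one line of KEY='value' pairs that includes DOMAIN='...'; the function names and the sample users and domains are constructed for illustration.

```shell
#!/bin/sh
# Assumption: each domain is one line of KEY='value' pairs, including
# DOMAIN='...', in <users_dir>/<user>/web.conf and mail.conf.

# Print "user type domain count" for each domain whose
# LETSENCRYPT_FAIL_COUNT is >= the threshold (default 1).
le_fail_report() {
    users_dir=$1
    min=${2:-1}
    for conf in "$users_dir"/*/web.conf "$users_dir"/*/mail.conf; do
        [ -f "$conf" ] || continue   # glob matched nothing
        user=$(basename "$(dirname "$conf")")
        kind=$(basename "$conf" .conf)
        awk -v user="$user" -v kind="$kind" -v min="$min" -v q="'" '
            # Drop the KEY= prefix and the surrounding quotes.
            function strip(s) { sub(/^[A-Z_]+=/, "", s); gsub(q, "", s); return s }
            {
                domain = ""; count = ""
                for (i = 1; i <= NF; i++) {
                    if ($i ~ /^DOMAIN=/) domain = strip($i)
                    if ($i ~ /^LETSENCRYPT_FAIL_COUNT=/) count = strip($i)
                }
                if (count ~ /^[0-9]+$/ && count + 0 >= min + 0)
                    print user, kind, domain, count
            }' "$conf"
    done
}

# Constructed sample data (hypothetical users and domains), so the
# report can be tried without touching a live server.
le_fail_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/alice" "$d/bob"
    printf "%s\n" \
        "DOMAIN='example.net' LETSENCRYPT='yes' LETSENCRYPT_FAIL_COUNT='31'" \
        "DOMAIN='example.org' LETSENCRYPT='yes' LETSENCRYPT_FAIL_COUNT='0'" \
        > "$d/alice/mail.conf"
    printf "%s\n" \
        "DOMAIN='example.com' LETSENCRYPT='yes' LETSENCRYPT_FAIL_COUNT='3'" \
        > "$d/bob/web.conf"
    le_fail_report "$d"
    rm -rf "$d"
}

le_fail_demo
```

On a server, the users directory from the post (/usr/local/hestia/data/users) is the first argument to le_fail_report.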