This error has been bothering me for quite a while. Whenever it happens, I have to start a support ticket at the Hostwinds data center. But I have never figured out how they got the problem solved.
After talking to people of HestiaCP and fiddling with things here and there, now I have figured two reasons that could have caused this problem:
(1) A record vs AAAA record – to ensure a new domain gets resolved to the server IP I tend to enter both the A (IPv4) and AAAA (IPv6) records for a domain. That was part of the problem. Once I have done this, then I will encounter this problem: I could not issue a Lets Encyrpt SSL certificate to a domain from the Hestia Control Panel (getting the 400 error) but I could do it from the command line:
v-add-letsencrypt-domain user domain.com
(2) NGINX service has to be stopped first and restarted – after removing AAAA records from all domains, once in a while I still get the error. This is the time I have to stop the NGINX service first and then restart it. Note that simply clicking the Restart icon from Hestia Control Panel did not work. You have to stop it first and then restart.
If you continue to have this 400 error, make sure you do step 2 of the above, then you can issue Lets Engcrypt SSL from the Hestia Control Panel again.