I have now re installed and ran the script on each server. It does indeed fail when trying to run the 'LETS ENCRYPT' portion of the setup on each server. I have set a A record for all the name servers at hosting company, pointing to each IP / hostname. its correct, i checked using "https://dnschecker.org/#A/panel.tlwebservices.co.uk" and for each hostname it all green. so i have as you tutorial shows.. panel, web01, mx1, mx2, ns1, ns2, webmail. When the portal installed, its using a self signed cert and not a lets encrypt.. Other things to note.. states i should have a /var/log/letsencrypt log. i dont. i will follow the debugging ISPConfig 3 now. Other issue, As you mentioned a BUG, im adding the domain normally and not just the name of the name server? And step 2, adding the seconday dns, 2nd box asks NS (IP-address) of the secondary name server? and it also states seperate the multiple IP's, and then last box allow zone transfer to these IP's?... seems like your asking for IP's of both name servers in 2 boxes..