Hi, check out the basic process for requesting a certificate here: Requesting a Certificate | Certify The Web Docs
Step one is to specify your domains (e.g. webmail.yourdomain.com and smtp.yourdomain.com which be example names and you may want that as separate certificates or combined). This is where the ‘A primary domain must be included’ validation message is coming from, on the Certificate > Domains tab.
If you are using Certify The Web on the same server and it’s accessible on the internet, you can use http validation. DNS validation is a little more complex but worthwhile if you don’t want to open port 80 etc.
Once you have added your domains to the Certificate and configured your authorization method (dns in this case), clicking Test will perform some basic checks and in the case of DNS will create a test TXT record, then delete it again.
Once you have a certificate, you will need to work out how to deploy that certificate to your service, this is usually accomplished using a Task (script etc). You may find other hmailserver questions and examples on this forum, or on the hmailserver support community.