Adding hst.<domain> to letsencrypt

Looking at /etc/apache2/conf.d/domains/.ssl.conf
there is just one serveralias, for www.

How do I add a hst. alias or does it need to go somewhere else?

Delete the domain admin user

Run v-change-sys-hostname hst.domain.com
v-add-letsencrypt-hostname

Admin user should never be used for hosting any website!

I created this post in response to
https://github.com/hestiacp/hestiacp/issues/2652
stating that support isn’t provided over GitHub.
Just adding the link for context.

It looks like all I need to do is update the letsencrypt certificate to cover hst.<domain>.
What you’re recommending sounds risky.

I’m not running any server software besides hestia control panel.

Isn’t risky at all, just in case you haven’t added any website to the admin user it is just a dummy domain. Follow @eris’s suggestions and it should work.

You can add an alias in edit web. But we strongly suggest to not use admin user to host any website on it. hst.domain.com should be an empty website with nothing on it… And then it works fine as intended…

I’m backing up the server in case anything goes wrong.

I really don’t understand why it has to be more difficult than for example https://bobcares.com/blog/certbot-generate-certificate-for-subdomain/

This just adds a subdomain to the existing certificate.

Because Hestia doesn’t use certbot.

If you provided the correct hostname hst.domain.com during setup it wouldn’t be an issue.

You don’t need to make a backup of the server as it has been done 1000s of times. There is nothing special on the command you execute…

I ran v-change-sys-hostname hst.<domain>
I deleted the admin website.
I created a regular user account “user”.
I created the web domain under the “user” account.
I changed its configuration to use SSL.
It has an alias for www.<domain>

The command v-add-letsencrypt-hostname doesn’t exist so I tried v-add-letsencrypt-host.

# v-add-letsencrypt-host
Error: Web domain <domain> exists
Error: web domain hst.<domain> doesn't exist

And I accidentally edited your post

No worries, the markdown was still accessible.
How do I fix the errors?

In Settings → Security → Policy

Set enforce domain ownership

If you mean Enforce subdomain ownership it’s already set to “yes”.

Set it to no

Firefox loves it, I had to restart Google Chrome, now it loves it too!
Not sure what Enforce subdomain ownership is but it’s fixed now.
Too bad no man page for v-add-letsencrypt-host and the other commands.

Thanks for your help.