Adding hst.<domain> to letsencrypt

philipashmore · June 12, 2022, 10:17am

Looking at /etc/apache2/conf.d/domains/.ssl.conf
there is just one serveralias, for www.

How do I add a hst. alias or does it need to go somewhere else?

eris · June 12, 2022, 10:19am

Delete the domain admin user

Run v-change-sys-hostname hst.domain.com
v-add-letsencrypt-hostname

Admin user should never used for hosting any website!

philipashmore · June 12, 2022, 10:28am

I created this post in response to
https://github.com/hestiacp/hestiacp/issues/2652
stating that support isn’t provided over github.
Just adding the link for context.

It looks like all I need to do is update the letsencrypt certificate to cover hst.<domain> .
What you’re recommending sounds risky.

I’m not running any server software besides hestia control panel.

Raphael · June 12, 2022, 10:33am

Isnt risky at all, just in case you havent added any website to the admin user it is just a dummy domain. Follow @eris suggestions and it should work.

eris · June 12, 2022, 10:45am

You can add an alias in edit web. But we strongly suggest to not use admin user to host any website on it. hst.domain.com should be an empty website with nothing on it… And then it works fine as intended…

philipashmore · June 12, 2022, 11:16am

I’m backing up the server in case anything goes wrong.

I really don’t understand why it has to be more difficult than for example https://bobcares.com/blog/certbot-generate-certificate-for-subdomain/

This just adds a subdomain to the existing certificate.

eris · June 12, 2022, 11:30am

Because Hestia doesn’t use certbot.

If you provided the correct hostname hst.domain.com during setup it wouldn’t be an issue.

You don’t need to make backup of the server as it has been done 1000 of times. There is nothing special on the command you execute…

philipashmore · June 12, 2022, 1:59pm

I ran v-change-sys-hostname hst.<domain>
I deleted the admin website.
I created a regular user account “user”.
I created the web domain under the “user” account.
I changed its configuration to use SSL.
It has an alias for www.<domain>

The command v-add-letsencrypt-hostname doesn’t exist so I tried v-add-letsencrypt-host.

# v-add-letsencrypt-host
Error: Web domain <domain> exists
Error: web domain hst.<domain> doesn't exist

eris · June 12, 2022, 4:24pm

And I accidentally edited your post

philipashmore · June 12, 2022, 4:44pm

No worries, the markdown was still accessable.
How do I fix the errors?

eris · June 12, 2022, 4:45pm

In Settings → Security → Policy

Set enforce domain owner ship

philipashmore · June 12, 2022, 4:50pm

If you mean Enforce subdomain ownership it’s already set to “yes”.

eris · June 12, 2022, 4:57pm

Set it to no

philipashmore · June 12, 2022, 5:03pm

Firefox loves it, I had to restart Google Chrome, now it loves it too!
Not sure what Enforce subdomain ownership is but it’s fixed now.
Too bad no man page for v-add-letsencrypt-host and the other commands.

Thanks for your help.

system · July 12, 2022, 5:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.