AWS Route 53 and Wildcard domains

I use AWS Route 53 to host my domains. Before installing Hestia, I set up the root user. Under the root account I set up my AWS credentials:

aws configure

Then I enter the secret keys, etc.

Then I install Hestia CP. I create my domains as normal. In order to get a wildcard certificate, I enter:

It may take a few tries, usually two for some reason, for the certificate to be created. You may see a warning about the _acme-challenge not being found. Try again until you get the certificate installed.

The Domain Dashboard should look like this, indicating a wildcard certificate is installed:

image

When you create email accounts, be sure to open the SSL ports on your router, 465 and 993. Also, the mail domain is mail.domain.com, not imap.domain.com or smtp.domain.com.

Hestia doesn’t support using other DNS providers to issue wildcard certificates. This means you can’t issue a wildcard certificate by validating it through AWS Route 53. You can only issue a wildcard certificate if Hestia is managing DNS for your domains.

No, that indicates that you have a domain sweetpikel.com and an alias *.sweetpikel.com, that’s all.

Right now your web domain is serving the certificate valid for sweetpikel.com and www.sweetpikel.com:

❯ ssl_check sweetpikel.com 443
2025-09-16 18:27 - Checking sweetpikel.com on port 443

issuer=C = US, O = Let's Encrypt, CN = R12
subject=CN = sweetpikel.com
notBefore=Sep 14 15:44:37 2025 GMT
notAfter=Dec 13 15:44:36 2025 GMT
SANs: sweetpikel.com,www.sweetpikel.com

Right now you are not even using a valid certificate for mail.sweetpikel.com, neither for smtp nor for imap; the certificate is only valid for your server's hostname libra.punkasskingdom.net:

❯ ssl_check mail.sweetpikel.com 465
2025-09-16 18:29 - Checking mail.sweetpikel.com on port 465

issuer=C = US, O = Let's Encrypt, CN = R12
subject=CN = libra.punkasskingdom.net
notBefore=Sep 14 13:37:41 2025 GMT
notAfter=Dec 13 13:37:40 2025 GMT
SANs: libra.punkasskingdom.net

❯ ssl_check mail.sweetpikel.com 993
2025-09-16 18:29 - Checking mail.sweetpikel.com on port 993

issuer=C = US, O = Let's Encrypt, CN = R12
subject=CN = libra.punkasskingdom.net
notBefore=Sep 14 13:37:41 2025 GMT
notAfter=Dec 13 13:37:40 2025 GMT
SANs: libra.punkasskingdom.net
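The point of the ssl_check output above is that the dashboard alias tells you nothing about what the server actually presents; only the SAN list in the served certificate does, and a wildcard entry has specific matching rules. The script below is an added example, not part of the thread and not a Hestia tool: it fetches the certificate with SNI set to the name being tested (as a vhost-aware web or mail server needs) and decides whether the SANs cover that name, treating `*.example.com` as matching exactly one label per RFC 6125. Assumptions: OpenSSL 1.1.1 or newer (for `x509 -ext`), the two-line layout that `-ext subjectAltName` prints, and ports 443/465/993 speaking TLS directly (pass `smtp` or `imap` as a third argument for STARTTLS ports such as 587 or 143).

```shell
#!/bin/sh
# Added example (not from the thread or from Hestia). Checks whether the certificate
# a server presents for HOST actually covers HOST, including wildcard SANs.

# san_covers NAME SANLIST
# Returns 0 if NAME is covered by one of the comma-separated DNS SANs
# (same "a,b,c" format as the ssl_check output above), else 1.
# A wildcard matches exactly one label: *.example.com covers mail.example.com
# but neither example.com nor a.b.example.com (RFC 6125 section 6.4.3).
san_covers() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    sans=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d ' ')
    found=1
    old_ifs=$IFS
    set -f            # no pathname expansion while "*.example.com" is unquoted
    IFS=','
    for san in $sans; do
        case "$san" in
            '*.'*)
                suffix=${san#\*.}
                prefix=${name%".$suffix"}
                # match only if name ended in ".$suffix" and the remaining
                # left-most label is non-empty and contains no dot
                if [ "$prefix" != "$name" ] && [ -n "$prefix" ] \
                   && [ "${prefix#*.}" = "$prefix" ]; then
                    found=0
                    break
                fi
                ;;
            *)
                if [ "$san" = "$name" ]; then
                    found=0
                    break
                fi
                ;;
        esac
    done
    IFS=$old_ifs
    set +f
    return $found
}

# fetch_sans HOST PORT [STARTTLS_PROTO]
# Connects with SNI = HOST and prints the DNS SANs of the served leaf cert as "a,b,c".
# Assumes OpenSSL >= 1.1.1; "-ext subjectAltName" prints a header line, then the SANs.
fetch_sans() {
    host=$1; port=$2; proto=$3
    if [ -n "$proto" ]; then
        starttls="-starttls $proto"
    else
        starttls=""
    fi
    printf '' | openssl s_client -connect "$host:$port" -servername "$host" $starttls 2>/dev/null \
        | openssl x509 -noout -ext subjectAltName 2>/dev/null \
        | sed -n '2p' | sed 's/DNS://g; s/ //g'
}

# check_name HOST PORT [STARTTLS_PROTO]
# Prints the SANs and a verdict; exit status 1 on mismatch so it can gate a cron job.
check_name() {
    served=$(fetch_sans "$1" "$2" "$3")
    printf '%s:%s SANs: %s\n' "$1" "$2" "${served:-<none>}"
    if san_covers "$1" "$served"; then
        printf 'OK: certificate covers %s\n' "$1"
    else
        printf 'MISMATCH: certificate does not cover %s\n' "$1"
        return 1
    fi
}

# Usage: sh check_cert.sh mail.sweetpikel.com 465
#        sh check_cert.sh mail.sweetpikel.com 587 smtp
if [ "$#" -ge 2 ]; then
    check_name "$@"
fi
```

Run against the two cases in the thread: `check_name sweetpikel.com 443` would report OK (sweetpikel.com is listed literally), while `check_name mail.sweetpikel.com 465` would report a mismatch, because the only SAN served is libra.punkasskingdom.net. A certificate whose SAN list contained `*.sweetpikel.com` would make mail.sweetpikel.com pass, but `san_covers` still rejects the bare apex and any deeper name such as a.b.sweetpikel.com, which is the common surprise with wildcard certificates.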