The browser says the connection is not secure, but does Hestia by default automatically use a self-signed certificate so that all logins actually are secured by https? Thanks
Hestia creates a self-signed certificate during the install:
# Generating SSL certificate
echo "[ * ] Generating default self-signed SSL certificate..."
$HESTIA/bin/v-generate-ssl-cert $(hostname) '' 'US' 'California' \
'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
crt_end=$(grep -n "END CERTIFICATE-" /tmp/hst.pem | cut -f 1 -d:)
if [ "$release" = "12" ]; then
key_start=$(grep -n "BEGIN PRIVATE KEY" /tmp/hst.pem | cut -f 1 -d:)
key_end=$(grep -n "END PRIVATE KEY" /tmp/hst.pem | cut -f 1 -d:)
else
key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem | cut -f 1 -d:)
key_end=$(grep -n "END RSA" /tmp/hst.pem | cut -f 1 -d:)
fi
# Adding SSL certificate
echo "[ * ] Adding SSL certificate to Hestia Control Panel..."
cd $HESTIA/ssl
sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
chown root:mail $HESTIA/ssl/*
chmod 660 $HESTIA/ssl/*
rm /tmp/hst.pem
It also creates this cron entry:
# Create cronjob to generate ssl
echo "@reboot root sleep 10 && rm /etc/cron.d/hestia-ssl && PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:' && /usr/local/hestia/bin/v-add-letsencrypt-host" > /etc/cron.d/hestia-ssl
And above means that in next reboot (and only in next reboot) it will try to issue a Let’s Encrypt certificate for your server’s hostname but maybe it failed because your hostname is not resolving publicly, because you didn’t configure the dns, because you didn’t open the ports, etc.
That said, yes, doesn’t matter whether the certificate is valid or your browser is complaining about it, if you accept that certificate the information will be transmitted securely.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.