My system is Debian 12, HestiaCP v1.8.11
I first saw the first fix I would suggest in a post from @punkyard.
Add the Cloudflare Origin root certificate to /usr/local/share/ca-certificates/origin_ca_rsa_root.crt:
wget https://developers.cloudflare.com/ssl/static/origin_ca_rsa_root.pem
mv origin_ca_rsa_root.pem origin_ca_rsa_root.crt
cp origin_ca_rsa_root.crt /usr/local/share/ca-certificates
update-ca-certificates
This will at least fix the error that Hestia notifies you about when adding a certificate.
However, having added the certificate, it will not show up in the dashboard. This is a Cloudflare error, in my opinion, since there is an error in the root certificate. It has lines like this:
Issuer: C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
Subject: O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
The clever openssl command adds quotes to the ‘O =’ value, since the value has a comma for some reason, lol. This breaks the script from the Hestia developers. I don’t know if they should have foreseen this, as it seems like a silly and obvious certificate error, but I would fix it if I were the Hestia team.
And here’s what I did…
in /usr/local/hestia/bin/v-list-sys-hestia-ssl
changed
subj=$(echo "$info" | grep Subject: | cut -f 2 -d =)
issuer=$(echo "$info" | grep Issuer: | sed -e "s/.*Issuer: //")
to
subj=$(echo "$info" | grep Subject: | sed 's/["]//g' | cut -f 2 -d =)
issuer=$(echo "$info" | grep Issuer: | sed -e "s/.*Issuer: //" -e 's/["]//g')
This simply removes the quotes from the Issuer and Subject values.
I really ask those who read the post and understand shell to correct my solution by writing what I left out and how it would be better to do it! Since I’m not a professional at all, but an absolute amateur)))) Thank you!
But this is not all! If you fix only this, the certificate will, yes, be displayed in the panel, but there will be an error in /usr/local/hestia/nginx/logs/error.log:
[warn] 95441#0: "ssl_stapling" ignored, issuer certificate not found for certificate "/usr/local/hestia/ssl/certificate.crt"
We need to add the root certificate to the certificate, to the chain, since nginx needs it. This is how it works)
cat /usr/local/share/ca-certificates/origin_ca_rsa_root.crt >> /usr/local/hestia/ssl/certificate.crt
I think that’s it)
All corrections are welcome.
Special thanks to the Hestia team, love you guys!
P.S. Fun fact: on OSX, openssl does not add these quotes to the certificate if there is a comma in the Issuer and Subject values.
on this version it works as described above - OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023) - Debian 12
no quotes are added on this version - OpenSSL 3.3.0 9 Apr 2024 (Library: OpenSSL 3.3.0 9 Apr 2024) - OSX
By the way, it also caused a huge error message every time I went to Server Settings, in the /usr/local/hestia/log/nginx-error.log file, which doesn’t even fit in the message)
[error] 1248#0: *746 FastCGI sent in stderr: "PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 258; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 258; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 259; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 259; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 260; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 260; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 261; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 261; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 262; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 262; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 263; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 263; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 264; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/local/hestia/web/edit/server/index.php on line 264; PHP message: PHP 
Warning: Trying t
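Added example, not part of the original post and not Hestia's own code: it runs the post's two extraction pipelines over the Issuer and Subject lines quoted above, then shows an alternative that escapes the double quotes instead of deleting them. The function names are hypothetical, and it assumes (the post does not show this part of the script) that the extracted value is later placed between double quotes in JSON output.

```shell
#!/bin/sh
# Constructed sample: the two lines quoted in the post, indented the way
# `openssl x509 -text` prints them.
info='        Issuer: C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
        Subject: O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate'

# Original Subject pipeline from the post: the double quotes survive, and
# cutting on "=" keeps only the text between the first and second "=".
subject_original() {
    printf '%s\n' "$info" | grep Subject: | cut -f 2 -d =
}

# The post's fix: delete every double quote before cutting.
subject_stripped() {
    printf '%s\n' "$info" | grep Subject: | sed 's/["]//g' | cut -f 2 -d =
}

# field_value LABEL (hypothetical helper): print everything after "LABEL: "
# on the first matching line, without splitting on "=" or ",".
field_value() {
    printf '%s\n' "$info" | sed -n "s/^[[:space:]]*$1: //p" | head -n 1
}

# json_escape (hypothetical helper): escape backslashes first, then double
# quotes, so the value can sit between JSON double quotes unchanged.
json_escape() {
    sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Alternative to stripping: keep the DN exactly as openssl printed it and
# escape it at the point where it is written out. The "ISSUER" key name is
# an assumption made for this example.
issuer_json() {
    printf '"ISSUER": "%s"\n' "$(field_value Issuer | json_escape)"
}

echo "original: [$(subject_original)]"
echo "stripped: [$(subject_stripped)]"
issuer_json
```

Escaping at output time also covers any other certificate whose name fields contain a comma or a quote, and it behaves the same whether or not the installed OpenSSL version adds the quotes.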