Error While Installing Hestia Panel

I am trying to Install the Hestia Panel. But, I am getting error as shown in The Image.
I tried Updating the Certificates and every other way which was mentioned over The Internet, BUt there was no Success.
I need to run the same command more than 15 times for getting to this step.

Hello @vinayakb12,

Seems you have issues to establish SSL connections. Maybe this question should go to OCI forums because the issue is not related to Hestia, anyways, could you please show the output of these commands?

env | grep -i proxy

echo | openssl s_client -connect raw.githubusercontent.com:443 -servername raw.githubusercontent.com

curl -v -m 30 "https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh" -o /dev/null

wget -v --timeout=10 --tries=3  "https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh" -O /dev/null

Cheers,
sahsanu

echo | openssl s_client -connect raw.githubusercontent.com:443 -servername raw.githubusercontent.com

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io
   i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 21 00:00:00 2023 GMT; NotAfter: Mar 20 23:59:59 2024 GMT
 1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Apr 14 00:00:00 2021 GMT; NotAfter: Apr 13 23:59:59 2031 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHEjCCBfqgAwIBAgIQBE1y13zdpwLdWmfyoju92TANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMzAyMjEwMDAwMDBa
Fw0yNDAzMjAyMzU5NTlaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
bmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIElu
Yy4xFDASBgNVBAMMCyouZ2l0aHViLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAuLBgDhov8bGGS2TsEZ+meb7oh/GIxbRJmxC7yq/qr75UDHhDf8p7
TkVbCyQp8bsj/Bmkx2xwSXZT0wkjZbJIe7Ycqgca4nka+Xpe5xb4pkrVOaPiDfdX
7+34CHZbUtqL0OYebi/5D5lLalLKNOGkySAz05foenfFAxAmQYJhR6KvxFY/dqI4
y7JwrnJ6Q8F+J6Ne1uP256UwcL0qlid6e/tA0ld3ryMSJ0I6xgtqjL26Le4/nxXu
YlekppVQr0OwrHa44Q7Z/1bsdFCGtR+WLNGVBeW3BWeTTp7yWjgfp49DWt48V9pI
elDGiDgVyJcsLOz4OQk2vRmNA1ZBZgck4wIDAQABo4ID0DCCA8wwHwYDVR0jBBgw
FoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFI0CHHVazcamQXhpKMP3
qqeYO9W7MHsGA1UdEQR0MHKCCyouZ2l0aHViLmlvgglnaXRodWIuaW+CDCouZ2l0
aHViLmNvbYIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb22CFyouZ2l0aHVidXNl
cmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjwYDVR0fBIGHMIGE
MECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FT
SEEyNTYyMDIwQ0ExLTQuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5j
b20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMD4GA1UdIAQ3MDUw
MwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29t
L0NQUzB/BggrBgEFBQcBAQRzMHEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
Z2ljZXJ0LmNvbTBJBggrBgEFBQcwAoY9aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
Y29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAJBgNVHRMEAjAA
MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdwB2/4g/Crb7lVHCYcz1h7o0tKTN
uyncaEIKn+ZnTFo6dAAAAYZ0gHV7AAAEAwBIMEYCIQCqfmfSO8MxeeVZ/fJzqqBB
p+VqeRDUOUBVGyTTOn43ewIhAJT0S27mmGUlpqNiDADP+Jo8C6kYHF+7U6TY74bH
XHAaAHYAc9meiRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crUAAAGGdIB1agAA
BAMARzBFAiEAguB+XQVANBj2MPcJzbz+LBPrkDDOEO3op52jdHUSW3ICIF0fnYdW
qvdtmgQNSns13pAppdQWp4/f/jerNYskI7krAHUASLDja9qmRzQP5WoC+p0w6xxS
ActW3SyB2bu/qznYhHMAAAGGdIB1SgAABAMARjBEAiAT/wA2qGGHSKZqBAm84z6q
E+dGPQZ1aCMY52pFSfcw8QIgP/SciuZG02X2mBO/miDT2hCp4y5d2sc7FE5PThyC
pbMwDQYJKoZIhvcNAQELBQADggEBADekGxEin/yfyWcHj6qGE5/gCB1uDI1l+wN5
UMZ2ujCQoKQceRMHuVoYjZdMBXGK0CIXxhmiIosD9iyEcWxV3+KZQ2Xl17e3N0zG
yOXx2Kd7B13ruBxQpKOO8Ez4uGpyWb5DDoretV6Pnj9aQ2SCzODedvS+phIKBmi7
d+FM70tNZ6/2csdrG5xIU6d/7XYYXPD2xkwkU1dX4UKmPa7h9ZPyavopcgE+twbx
LxoOkcXsNb/12jOV3iQSDfXDI41AgtFc694KCOjlg+UKizpemE53T5/cq37OqChP
qnlPyb6PYIhua/kgbH84ltba1xEDQ9i4UYfOMiJNZEzEdSfQ498=
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.io
issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3597 bytes and written 407 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: F7EA4140059EAC51C389026A6EF4741409A0B03A28D9EF8E464504FBE6FC46BC
    Session-ID-ctx:
    Resumption PSK: 54C5795FAE53272D60EE45AE11AFAF37579199E98DB796B69863835CBF671DAEF855667C7B43DCB501A23C94F7E59F25
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    0000 - 75 c7 d1 84 0a 92 07 35-ce fd ff bd c5 7f bd ec   u......5........
    0010 - aa b9 b8 75 27 d8 d9 6f-fd 45 91 c9 aa 38 88 e7   ...u'..o.E...8..
    0020 - a0 19 9f f3 ff bb ce 35-a8 96 fb 9e 8a b5 3d 82   .......5......=.
    0030 - ff ab ef 04 22 f9 e8 e2-56 b0 7d 75 95 6c 8f d5   ...."...V.}u.l..
    0040 - 49 d3 ba 5c 2b 13 7d 2c-be ca 61 8a 1c b5 32 e6   I..\+.},..a...2.
    0050 - fd d4 29 32 9a 78 73 6f-42 23 86 09 66 ef 85 11   ..)2.xsoB#..f...
    0060 - 2c 16 7f f2 43 d7 43 e0-c4 dc 6e 61 81 38 9e 88   ,...C.C...na.8..
    0070 - 9d de 3d f7 1d 21 28 32-75 d6 94 4b d6 1f 80 3f   ..=..!(2u..K...?
    0080 - 18 ea 13 13 47 6a dd 8f-2b fa 97 18 9f 04 83 88   ....Gj..+.......
    0090 - 1d 3a f8 f8 89 43 f9 04-dd bd c9 c6 09 a4 e6 3d   .:...C.........=
    00a0 - 9f b6 a1 d7 f9 c0 3b 1e-a5 66 d8 02 7d 4b df 15   ......;..f..}K..

    Start Time: 1697005798
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
DONE

curl -v -m 30 “https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh” -o /dev/null

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 185.199.108.133:443...
* Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* OpenSSL SSL_connect: Connection reset by peer in connection to raw.githubusercontent.com:443
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
* TLSv1.0 (OUT), TLS header, Unknown (21):
} [5 bytes data]
* TLSv1.3 (OUT), TLS alert, decode error (562):
} [2 bytes data]
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to raw.githubusercontent.com:443

wget -v --timeout=10 --tries=3 “https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh” -O /dev/null

--2023-10-11 06:31:33--  https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.109.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4497 (4.4K) [text/plain]
Saving to: ‘/dev/null’

/dev/null           100%[===================>]   4.39K  --.-KB/s    in 0s

2023-10-11 06:31:33 (143 MB/s) - ‘/dev/null’ saved [4497/4497]

Theese are the Outputs.

@sahsanu Theese values i was getting

You didn’t show the output of env | grep -i proxy

Regarding the other commands, openssl ok, curl fail, wget ok. Seems you have connectivity issues.

Could you please repeat the curl command several times to view whether it always fails?

env | grep -i proxy

This Command doesn’t give any output.

The curl seems to work in 25 tries.

As I said, connectivity issues, you should contact OCI support.

I talked with them.
Seems the Issue is with GitHub URL as Any Other Wget URL is working Fine now.
Is there any way to fix this??

@sahsanu IS there any way to fix this?
Also, Any way to Repair Apache and NGINX Configuration or the whole Panel

I don’t know what is your problem with github but you need to solve it first.

If you didn’t install Hestia I don’t know what you want to repair. Hestia installer uses several files placed on github.com and raw.githubusercontent.com so you would need to fix your issues to connect to github from that machine.

The Issue is for the Domain raw.githubusercontent.com.
Is there any way to fix it?
Also, I am having my old server which is running Hestia. But, the issue is that Apache and NGINX seem to stop working automatically after sometime

Any way to resolve this issue?
Also, if the install did get success, file manager and many other features aren’t working.

[/usr/local/hestia/web/fm/filegator_latest.zip]
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
unzip:  cannot find zipfile directory in one of /usr/local/hestia/web/fm/filegator_latest.zip or
        /usr/local/hestia/web/fm/filegator_latest.zip.zip, and cannot find /usr/local/hestia/web/fm/filegator_latest.zip.ZIP, period.
mv: cannot stat '/usr/local/hestia/web/fm/filegator/*': No such file or directory
chown: cannot access '/usr/local/hestia/web/fm/private': No such file or directory
chown: cannot access '/usr/local/hestia/web/fm/private/logs': No such file or directory
chown: cannot access '/usr/local/hestia/web/fm/repository': No such file or directory

Something like this comes up for Hestia File Manager Installation

It does download the file manger from Github…

why does the script downloading doesn’t work?
It fails
Any way to get a success install of hestia on my vm?
Ingress is allowed, egress also

The script doesn’t work because of your connection issues.

As in a previous command you connected to raw.githubusercontent.com via ip 185.199.110.133 (there are other 3 ips) try to add it to your /etc/hosts file so it will always go to that ip.

185.199.110.133 raw.githubusercontent.com

And try to install Hestia again.

1 Like

They are asking me for this.

Good luck. I doubt you would find someone from GitHub to make a traceroute from their servers to your OCI server.

I am OCI user, if any data in your server please backup it and download it locally [you can use CasaOS to get GUI of files]. Delete instance & re-deploy it.

In-case you able to install in current instance, it may give other connectivity issue in future.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.