Generate CSR Key


I want to generate the CSR for RapidSSL Wildcard Certificate

How can I generate CSR Key in hestiacp server

Hi @laklak,

This question is not related to Hestia and you should ask to your certificate provider but…

You could use openssl to generate it, and there are also a few online generators out there like

You should ask your certificate provider whether you need to include the SANs in the certificate or they will be added during the order process. Just in case you don’t know it, if you request a certificate for * it will be valid only for subdomains like,, etc. but won’t be valid for or so I recommend to add * and to the same certificate.

Example creating csr for and * using key of 2048 bits:

openssl req -sha256 -nodes -new -newkey 2048 -keyout -out -subj "/CN=*" -reqexts SAN -config <(echo -e "[req]\\\\n[]\\n[SAN]\\,DNS:*")

You could also add the Country, the City, Organization, etc. but don’t know whether this will be included in the certificate you want to request.

Note: you should replace CC by your country code (US, UK, ES, etc.), also the other attributes and of course the domain name.

openssl req -sha256 -nodes -new -newkey 2048 -keyout -out -subj "/C=CC/ST=YourState/L=YourCity/O=YourOrganization/OU=YourDepartment/CN=*" -reqexts SAN -config <(echo -e "[req]\\\\n[]\\n[SAN]\\,DNS:*")

You must send to your certificate provider and save really well the private key (if you lost it you won’t be able to use the certifcate).

Note: If you are using Hestia as DNS server for your domain, you could issue a wildcard certificate from Let’s Encrypt for free.


Thank you very much for your guidance :pray:

1 Like

Edit web → Generate Self Signed Certificate will also generate the CSR fine

Make sure to keep the .key and .csr fine …

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.