Get SSL certificate for FTP on domains

Hi all. Just a few days in using this control panel, and I am impressed with the capabilities of it. Though I must say the documentation is not on the same level. It’s quite a challenge.

Anyhow, I have successfully added some domains for managing, and even got LetsEncrypt running on the web side of these domains. For each domain I added a separate FTP account.

The issue now is that when I use one of these FTP accounts, I get the certificate of the hosting panel, not the one I was expecting: from the related domain.

How do I get this right?
Maybe something like v-update-domain-ftp-certificate USER DOMAIN or whatever?

You’re right, documentation is one of our parts that needs a hard improvement - currently, we do not have enough manpower to fulfill all parts, so we still search new helpful m8s to expand and improve our project :smiley:.

To your question: Please check the command v-add-letsencrypt-host, this should add a valid ssl cert to your hestia backend, dovecot, exim and vsftpd. The user will need to connect using the server hostname, otherwise the cert would show as invalid.

Hi ScIT, thanks for the prompt reply.

Already created an SSL certification for the host, thanks.

Now to be clear: All ftp accounts have to connect to the host domain, and they should not use their assigned domain?

To clarify: I have installed HestiaCP on host.example.com, and next created a couple of domains:

  • somedomain
  • anotherdomain

Created ftp access to somedomain.tld and anotherdomain.tld, and now the users for these domains have to connect by FTP to host.example.com, use their FTP access creds for somedomain or anotherdomain.

And they will access the assigned user space in /home/<USER>/web/somedomain.tld/ or /home/<USER>/web/anotherdomain.tld/

I realize that these users can use the domains in their FTP client to fill in the host part for their connection, only they will be presented with the certificate for the host, and asked whether they trust this :smiley:

Did I summarize :innocent: this correctly? I don’t ask to be a nuisance, just to understand correctly.

Yes, your clients/users should use host.domain.tld as ftp server address. vsftpd does not support multiple ssl certificates, but we did that for the mail stack, where you can enable mail.customerdomain.com with valid lets encrypt certificates for smtp, pop, imap and webmail.

Ok, thanks for the reply. It’s perfectly clear now.

Grtz, Jo-Anne

Hi!
Are you thinking of migrating the FTP service to pure-ftpd or another that supports SNI in the next versions?

Currently not, no. I would suggest using sftp, which also works for users without ssh rights due to the implemented sftp jail.

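A way to check the behaviour described in this thread, as an added example that is not part of the original posts and not Hestia's own code: it tests which of the hostnames an FTP user might enter are covered by the single certificate the FTP server presents. The function names are this example's own, the hostnames are the thread's placeholders, and the offline demo uses a constructed self-signed certificate standing in for the host certificate.

```shell
#!/bin/sh
# Fetch the certificate the FTP server presents after AUTH TLS on port 21.
# Needs network access, so the offline demo below does not call it.
# $1 = address the FTP client would connect to, $2 = file to write the PEM to.
fetch_ftp_cert() {
  openssl s_client -connect "$1:21" -starttls ftp -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -out "$2"
}

# Return 0 if the certificate in file $1 is valid for hostname $2.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Print one verdict per hostname: $1 = certificate file, remaining args = names.
report() {
  report_cert=$1
  shift
  for report_name in "$@"; do
    if cert_covers "$report_cert" "$report_name"; then
      echo "$report_name: ok"
    else
      echo "$report_name: client will warn (name not in certificate)"
    fi
  done
}

# Constructed stand-in for the panel's host certificate (self-signed, 1 day).
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=host.example.com" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Offline demo: only the server hostname validates against the host certificate.
demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir/host.pem"
report "$demo_dir/host.pem" host.example.com somedomain.tld anotherdomain.tld

# Against a live server (assumed reachable on port 21):
#   fetch_ftp_cert somedomain.tld /tmp/ftp.pem
#   report /tmp/ftp.pem host.example.com somedomain.tld
```
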