How to regenerate SSL certificate for panel?

Hi, when I want to access my HestiaCP panel, Mozilla complains that the certificate is corrupted. How do I regenerate the ‘self signed’ SSL certificate only for the panel domain?

For self signed, go to Server > Configure > SSL > Generate Self-Signed SSL Certificate.

For Letsencrypt, run:
sudo /usr/local/hestia/bin/v-add-letsencrypt-host

@Wibol I want to ask.
On your server, do
https://hestiacp.example.com:2083/
and
https://hestiacp.example.com/phpmyadmin/
use the same SSL certificate or not?

Mine is different.

Do you know how to reissue the self-signed SSL certificate for phpMyAdmin?

I come from VestaCP, and in the configuration panel itself it lets you choose an SSL certificate from an existing host with SSL.

This would be very useful and would be perfect for HestiaCP: being able to create a host with its aliases and then choose that host for the panel to use would be very convenient.

The problem with the way you propose is that every time it is renewed you have to re-enable the mail group so that exim does not error, and that is very bad since, if you do not realize it, exim stops working.

If VestaCP has it and you can include it, that would be great!

It would also be useful to be able to add SSL to the FTP of the domains from the panel itself.

Thanks for your great work!

There is no need, just follow the docs. This is a one-time command you need to run, except if you change your hostname: Getting Started | Hestia Control Panel

The way Vesta has implemented it will not be implemented; this has already been discussed a while ago and has been declined.

I don’t see any need here as well, and it isn’t supported by vsftpd. The hostname cert itself should be enough; also, it’s better to stick to SFTP instead of FTPS.

That’s right, it’s the same in both places. I use the Let’s Encrypt certificate that the “v-add-letsencrypt-host” script automatically generates and applies to all services except the websites. That is, the panel, the subdomains “mail” and “webmail”, FTP, phpMyAdmin, etc…

This certificate will be automatically renewed before its expiration.

I continue to think that it is easier to do it as VestaCP does, where everything is done from the panel itself without having to give access to the terminal.

With that script that you mention, does the certificate that it generates replace the default one that the panel creates (certificate.crt and certificate.key)? And does it leave it with the mail group so that exim doesn’t stop working?

By default, we request a valid SSL certificate on install. If the initial request fails, you only have to enable it once via the command line.

The biggest issue is probably Cloudflare: when the proxy is enabled, Cloudflare will always send any traffic (also HTTP) towards HTTPS, and Hestia receives a request that it can’t understand. If you really want to keep using SSL on your hostname, consider using a self-signed certificate (however, you will have issues with FTPS) or set it once, probably.

HestiaCP isn’t VestaCP; they decided to do certain tasks one way and we think differently about this behaviour.


I provided the command v-add-letsencrypt-host and it worked, now the panel is on ssl!

But the problem is that a reverse DNS is used for my fixed IP that already has a name assigned, and it has to match the host name that I have for HestiaCP on my server.

It would be easier if the HestiaCP panel on my server could choose another existing SSL certificate, as VestaCP does.

Greetings

Have you tried: v-change-sys-hostname

The problem is not changing the server’s local host; the problem is that the static IP assigned by my internet provider has a reverse DNS name, for example: mail.domain.com

The local host must be called the same so that it is not filtered as spam on the destination server. I don’t know if you understand me… If I run the command v-add-letsencrypt-host, it makes me an SSL certificate for mail.domain.com, and I would like to be able to assign another SSL certificate to the panel, such as cpanel.domain.com

It is difficult to understand, but it would be easy to do it as VestaCP does, where the panel gives the option to choose an existing SSL certificate for the HestiaCP panel to use.

PS: sorry for my English, I’m Spanish and I use google translator

Does your provider offer Reverse DNS Management in their control panel? I use Contabo.com and they do.

Alternative

It is not what I am looking for, since I have my own servers in the office and I do not want to have them in the cloud.

Thanks!

Currently not possible, at least over the v-add-letsencrypt-host part. You could also manually set the certs in /usr/local/hestia/ssl/ and create a custom script which will copy the related cert after renewal, replace it and restart the related services. Have a look at v-add-letsencrypt-host to see how it’s been done there.
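A sketch of the custom copy script suggested in the reply above, as an added example that is not part of the original post or of Hestia's own code. The function names, return codes, source paths, the `mail` group and the 640 mode are assumptions; only `/usr/local/hestia/ssl/`, `certificate.crt` and `certificate.key` come from the thread.

```shell
#!/bin/sh
# Added example (not Hestia code): install another host's certificate pair
# for the panel, but only if it is valid and actually changed.

# pubkey_of cert|key FILE -> PEM public key on stdout, non-zero on parse error
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null
}

# sync_panel_cert SRC_CRT SRC_KEY DEST_DIR [GROUP]
# Returns 0 = replaced (restart services), 1 = already current, 2 = rejected.
sync_panel_cert() {
    src_crt=$1 src_key=$2 dest=$3 grp=${4:-}
    [ -s "$src_crt" ] && [ -s "$src_key" ] || return 2
    # Reject a certificate that does not belong to the private key
    crt_pub=$(pubkey_of cert "$src_crt") && [ -n "$crt_pub" ] || return 2
    key_pub=$(pubkey_of key "$src_key") && [ -n "$key_pub" ] || return 2
    [ "$crt_pub" = "$key_pub" ] || return 2
    # Reject a certificate that has already expired
    openssl x509 -in "$src_crt" -noout -checkend 0 >/dev/null 2>&1 || return 2
    # Skip the copy (and the restart) when nothing changed
    if cmp -s "$src_crt" "$dest/certificate.crt" &&
       cmp -s "$src_key" "$dest/certificate.key"; then
        return 1
    fi
    # Stage next to the target with tight permissions, then rename into place
    (
        umask 077
        cp "$src_crt" "$dest/certificate.crt.new" &&
        cp "$src_key" "$dest/certificate.key.new" &&
        { [ -z "$grp" ] || chgrp "$grp" "$dest/certificate.crt.new" \
                                        "$dest/certificate.key.new"; } &&
        chmod 640 "$dest/certificate.crt.new" "$dest/certificate.key.new" &&
        mv "$dest/certificate.key.new" "$dest/certificate.key" &&
        mv "$dest/certificate.crt.new" "$dest/certificate.crt"
    ) || return 2
    return 0
}

# Usage from a renewal hook or cron job (source paths are placeholders):
# if sync_panel_cert /path/to/cpanel.domain.com.crt \
#        /path/to/cpanel.domain.com.key /usr/local/hestia/ssl mail; then
#     systemctl restart hestia   # plus any other service reading this pair
# fi
```

Passing the group keeps the key readable by the mail services mentioned earlier in the thread, and the restart only runs when the function reports a real change.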

I will adapt to HestiaCP’s way of doing it, which it does very well. I only wanted to say that I would like to be able to choose one of the existing SSL certificates for the panel without having to write scripts, since it forces you to use the terminal when in VestaCP it is not necessary, and they have the code at hand to be able to implement it in HestiaCP.

I close the topic, thank you!

We’re clearly NOT VestaCP; we consider the user to be common with the shell and to know how to handle it.


Also, for new installs, if the user is able to set up the hostname properly before the install, it won’t even be needed any more to log in via SSH.
