Letsencrypt error on fresh install for panel

I entered the FQDN in the setup of hestiacp and it all installed with no errors.

After logging into the panel with <local_ip_Address>:8083 as admin there are no DNS records, so I logged in with SSH and ran v-add-letsencrypt-host.

I have hestiacp hosting its own name servers, and websites that I have restored from a backup work. The registrars have propagated properly and all should be working fine, I guess.

I get this error when trying to get letsencrypt for the panel.

Error: Let’s Encrypt validation status 400 (panel.mydomain.org.uk). Details: 400:“DNS problem: NXDOMAIN looking up A for panel.mydomain.org.uk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for panel.mydomain.org.uk - check that a DNS record exists for this domain”
Error: Let’s Encrypt SSL creation failed

Shouldn’t it already have the DNS for the FQDN you set in the install? Like it does for new domains and you want DNS records to be created.

A good few years ago you installed with the FQDN that you set, waited for registrars to propagate, set child-ns etc. and ran the command for letsencrypt SSL on the panel and it worked with nothing else to do. What’s changed?

You cannot add DNS records as it says the domain belongs to another user, even when trying to add DNS from the admin user.

I am struggling here. I searched the forum and Google with no solution to my issue: how to add letsencrypt to the host panel (hestiacp) when hosting your own name servers.

Let me know whether I’m understanding the issue.

1.- Fresh Hestia install.
2.- You issued a Let’s Encrypt cert for your host using v-add-letsencrypt-host and this worked… right?
3.- Now you restore a backup or backups… included the admin user?
4.- Now you can’t re-issue a certificate for your domain either from the web UI or via command line?

Well, if the domain example.org is owned by another user instead of the admin user, the DNS is managed by that user, so you have 2 options:

Option 1
Add a new web domain panel.example.org to the Hestia user that is managing the main domain example.org.

After that, execute the command v-add-letsencrypt-host

Option 2
Add a new DNS A record for panel.example.org from the user that is managing the main domain.

Change to no the option Enforce subdomain ownership so other users can add subdomains even if they don’t own the main domain.

That option is in Server settings -> Configure -> Security -> Policies -> Domains

You can also do it from command line:
v-change-sys-config-value ENFORCE_SUBDOMAIN_OWNERSHIP no

Execute the command v-add-letsencrypt-host (this command not only will issue the certificate but will also add panel.example.org to the admin user).

Why? Hestia doesn’t know if you want to host the DNS of that domain or even if you are the owner.
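A pre-flight check for the NXDOMAIN failure discussed in this thread, as an added example that is not part of the original posts or of Hestia's own tooling. It looks up the panel hostname from an outside resolver, the same view Let's Encrypt validation has, before v-add-letsencrypt-host is run. Assumptions: `dig` is installed, 1.1.1.1 is used as the outside resolver, and the function names and example.org values are hypothetical.

```shell
#!/bin/sh
# Added example: check how the panel FQDN looks from outside before
# requesting a certificate. Function names are hypothetical.

# dns_status HOST TYPE [RESOLVER] -> prints the DNS rcode (NOERROR, NXDOMAIN, ...)
dns_status() {
    dig +noall +comments "$1" "$2" "@${3:-1.1.1.1}" |
        sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# dns_answers HOST TYPE [RESOLVER] -> prints record values, one per line
dns_answers() {
    dig +short "$1" "$2" "@${3:-1.1.1.1}"
}

# preflight HOST [EXPECTED_IP] [RESOLVER]
# returns 0 = resolvable, 2 = NXDOMAIN, 3 = no A/AAAA data, 4 = wrong address
preflight() {
    pf_host=$1
    pf_expected=${2:-}
    pf_resolver=${3:-1.1.1.1}
    pf_status=$(dns_status "$pf_host" A "$pf_resolver")
    if [ "$pf_status" = "NXDOMAIN" ]; then
        echo "FAIL $pf_host: NXDOMAIN, the zone holds no record for this name"
        return 2
    fi
    pf_records=$( { dns_answers "$pf_host" A "$pf_resolver"
                    dns_answers "$pf_host" AAAA "$pf_resolver"; } )
    if [ -z "$pf_records" ]; then
        echo "FAIL $pf_host: no A/AAAA record (status ${pf_status:-unknown})"
        return 3
    fi
    if [ -n "$pf_expected" ] &&
       ! printf '%s\n' "$pf_records" | grep -qxF "$pf_expected"; then
        echo "FAIL $pf_host: resolves, but not to $pf_expected"
        return 4
    fi
    echo "OK $pf_host: $(printf '%s' "$pf_records" | tr '\n' ' ')"
    return 0
}

# Run only when called with arguments, e.g.:
#   sh preflight.sh panel.example.org 203.0.113.10 && v-add-letsencrypt-host
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

A return code of 2 corresponds to the error quoted in the first post: the record has to be added by the user that owns the zone before the certificate request can succeed.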

1.- Fresh Hestia install.
2.- You issued a Let’s Encrypt cert for your host using v-add-letsencrypt-host and this worked… right?

Number 2 does not work on a fresh install.

So what you’re saying invalidates the need to input a FQDN during install. The whole point of the FQDN for the panel is to use that to log in to the panel, or so I am led to believe.

Yes, but nobody says that the DNS for the domain must be managed by Hestia. Mine isn’t.

Thank you for your reply.

I installed before the ENFORCE_SUBDOMAIN_OWNERSHIP was included in hestiacp and it worked without having to have these additional steps and it just worked.

There should be a way instead of having to set ENFORCE_SUBDOMAIN_OWNERSHIP no.

I run websites for friends, family and myself, not in a commercial sense, so it does not impact me personally.

No. 2 in that list does not work if you follow that as a todo list: i.e. do 1, then do 2, then do 3.

Tried on 3 VMs in my lab and every time it will not let me (Ubuntu 22.04.4).

Maybe I didn’t explain it very well but of course there is one. Remove panel.example.org from admin user and add it to the user that already has the main domain example.org.

If you say that in a fresh install, with only the admin user and no domains added, v-add-letsencrypt-host doesn’t work… what is the error? You can also try to debug the error: bash -x $HESTIA/bin/v-add-letsencrypt-host