Several Issues after migration

Hello guys

After migrating to a new VPS everything looks fine. I've installed HestiaCP and restored all users, and everything seems to work fine, but I can't add SSL to the hostname (v-add-letsencrypt-host) and also can't reach HestiaCP via the hostname (host.example.com:8083), only via the IP address (0.0.0.0:8083).

(Error: Let's Encrypt validation status 400 (host.example.com:8083). Details: 400:"DNS problem: NXDOMAIN looking up A for host.example.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for host.example.com - check that a DNS record exists for this domain")

The second is that the mail client says: “The server you are connected to is using a security certificate that cannot be verified”, but it is probably the hostname issue I wrote about above.

You probably do not have a DNS record for the hostname…

1 Like

How to add it?

root@host:~# nslookup host.example.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   host.example.com:8083
Address: 127.0.0.1

Well, add an A record for the related domain? Please keep in mind you’re running a webserver, you should have the knowledge of how to do so.

1 Like

The first time I installed, everything went well. I didn’t install anything extra for that, and SSL was added perfectly without issues. Has something changed?

Everything is added for the related domain, it has SSL and it works; the only issue is with the hostname.

Hi @osmaster,

As @raphael said, you must add an A record for host.example.com pointing to your server’s IP. You can do that via Web UI or via command line:

Note: replace YourUser with the actual user.

v-add-dns-record YourUser example.com host A 203.0.113.1

2 Likes

Thank you very much @sahsanu, you are doing a great job.

So it should always be added after a new installation? Or is it something in this case?

1 Like

I don’t use Hestia’s DNS but as far as I know, yes, you must add it manually after installation.

Is there a Cloudflare DNS config somewhere in the Hestia documentation?

I don’t know what you mean… for doc regarding the use of Cloudflare you should check their support site.

If you want to use Cloudflare’s DNS service you don’t need to configure DNS in Hestia. If you are going to use Cloudflare as proxy to access Hestia Web UI then you must change the port used by Hestia (8083) to a port supported by Cloudflare proxy like port 2083.

Are you sure you enabled SSL for the mail domain? Because it seems it is not enabled. Accessing mail.example.com via ports 465 and 995 retrieves the default cert issued to geo.example.com instead of mail.example.com/webmail.example.com… the same for port 443 when trying to access your webmail.

❯ openssl s_client -connect mail.example.com:465 -servername mail.example.com 2>/dev/null </dev/null | openssl x509 -noout -issuer -dates -subject -ext subjectAltName | sed -E -e 's/^\s*//' -e '/^X509v.*/d'
issuer=C = US, O = Let's Encrypt, CN = R3
notBefore=Apr 6 12:17:06 2024 GMT
notAfter=Jul 5 12:17:05 2024 GMT
subject=CN = host.example.com
DNS:host.example.com

❯ openssl s_client -connect mail.example.com:995 -servername mail.example.com 2>/dev/null </dev/null | openssl x509 -noout -issuer -dates -subject -ext subjectAltName | sed -E -e 's/^\s*//' -e '/^X509v.*/d'
issuer=C = US, O = Let's Encrypt, CN = R3
notBefore=Apr 6 12:17:06 2024 GMT
notAfter=Jul 5 12:17:05 2024 GMT
subject=CN = host.example.com
DNS:host.example.com

❯ openssl s_client -connect mail.example.com:443 -servername webmail.example.com 2>/dev/null </dev/null | openssl x509 -noout -issuer -dates -subject -ext subjectAltName | sed -E -e 's/^\s*//' -e '/^X509v.*/d'
issuer=C = US, O = Let's Encrypt, CN = R3
notBefore=Apr 6 12:17:06 2024 GMT
notAfter=Jul 5 12:17:05 2024 GMT
subject=CN = host.example.com
DNS:host.example.com

2 Likes
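The certificate check from the post above can be turned into a pass/fail test, shown here as an added example that is not part of the original thread. The function names `san_covers` and `probe` and the `SAMPLE_SAN` value are assumptions made for illustration; the openssl invocations are the ones used in the post.

```shell
# Added example (not from the thread); san_covers and probe are hypothetical names.

# san_covers NAME: reads `openssl x509 -noout -ext subjectAltName` output on
# stdin; returns 0 if a DNS entry covers NAME (exact or one-label wildcard).
san_covers() {
  [ -n "$1" ] || return 1
  want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  # One SAN entry per line, lower-cased, DNS entries only, "dns:" prefix stripped.
  entries=$(tr ',' '\n' | tr '[:upper:]' '[:lower:]' |
            sed -n -E 's/^[[:space:]]*dns:([^[:space:]]+)[[:space:]]*$/\1/p')
  while IFS= read -r entry; do
    case "$entry" in
      "$want") return 0 ;;
      '*'.*)
        # A wildcard stands for exactly one left-most label: *.example.com
        # covers mail.example.com, not a.mail.example.com or example.com.
        suffix=${entry#'*'}
        head=${want%"$suffix"}
        if [ "$head" != "$want" ] && [ -n "$head" ] && [ "${head#*.}" = "$head" ]; then
          return 0
        fi ;;
    esac
  done <<EOF
$entries
EOF
  return 1
}

# probe HOST PORT SNI: live check of what a server presents for a given SNI name.
probe() {
  if openssl s_client -connect "$1:$2" -servername "$3" 2>/dev/null </dev/null |
       openssl x509 -noout -ext subjectAltName 2>/dev/null | san_covers "$3"
  then echo "OK       $1:$2 presents a certificate valid for $3"
  else echo "MISMATCH $1:$2 certificate does not cover $3"
  fi
}

# Constructed sample: the SAN line as it appears in the output quoted above.
SAMPLE_SAN='DNS:host.example.com'
```

For example, `probe mail.example.com 465 mail.example.com` reports MISMATCH while the server still hands out the hostname's default certificate on that port.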

Yes, I enabled it now, thank you very much @sahsanu !

2 Likes