SSL for panel problem

#1

Hi,
I have a question, how to get a letsencrypt certificate for the panel?

[email protected]:~# v-add-letsencrypt-host
Error: ssl certificate key pair is not valid
Error: domain panel1.daffyy.pro does not have an SSL certificate.

[email protected]:~# v-update-host-certificate admin panel1.daffyy.pro
Error: domain panel1.daffyy.pro does not have an SSL certificate.

and in panel when i tried check le and force https

Field "ssl certificate, ssl key" can not be blank.

How le can be added to hestiacp?

#2

Hello

It looks like you don’t have a valid cert under your hostname. Login as admin and try to add manually a let’s encrypt cert to your hostnames web domain.

If the process works properly, run v-update-host-certificate admin yourhostname again.

#3

When i tick ssl -> lets encrypt in web tab in my domain:
Error: SSL is not enabled
next time:
Field "ssl certificate, ssl key" can not be blank.

Manual paste ssl to inputs in domain edit:
Error code: 3

What i can do?

#4

Please remove your hostname web domain (just delete it), then run v-add-letsencrypt-host without any arguments.

#5

Removed and command result:
[email protected]:~# v-add-letsencrypt-host Error: ssl certificate key pair is not valid Error: domain h1.daffyy.pro does not have an SSL certificate. [email protected]:~#

#6

Please send your login and ssh credentials to [email protected], so that we can have a look.

#7

You’ve got a Error: “Let’s Encrypt new auth status 429”

-> https://community.letsencrypt.org/t/too-many-registrations-for-this-ip-domains-error-status-429/58167

You’ve to wait a week, then try again to add a ssl certificate.

#8

This was a issue with the installed openssl version:

OpenSSL 1.1.1 11 Sep 2018
Error message:
Using default temp DH parameters
139656848691648:error:02004061:system library:socket:unknown:…/crypto/bio/b_sock2.c:49:
139656848691648:error:2008C076:BIO routines:BIO_socket:unable to create socket:…/crypto/bio/b_sock2.c:50:
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
0 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
0 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)

Was fixed running a apt update && apt upgrade, installed the version from sury repository:

OpenSSL 1.1.1c 28 May 2019

With the new version above, the check went trough properly:

Using default temp DH parameters
ACCEPT

So the issue is solved, also we’ve reworked the installer: https://github.com/hestiacp/hestiacp/commit/3bcd42d376b044d3e40fdc2ad37c08e2b4f1fa69

1 Like
#9

Next question about ssl,
how to use cloudflare ssl with hestiacp?
Cloudflare - protect leaking server ip but when i’m added domain to cloudflare & vestacp it’s working, but when forced ssl on cloudflare side not:

 Success!
Your new web server is ready to use.

its showing server default page not user page

#10

Hi daffyy,

I can assist you on this matter, however I will need access to review your Cloudflare settings. Is that possible?

1 Like
#11

Nvm my bad, full SSL option on cf req. own SSL cert on server, changed to flexible and its ok

1 Like
#12

Hello I would like to understand if the le cert ist thought for the panel url itself most it will be some subdomain srv.domain.tld
As it can be done on vestacp
Or is it only for the hosted domains and we have to buy some ssl for the panel itself?
Best regards Markus

#13

Hi Markus

Thanks for your request. Please check the v-add-letsencrypt-host command, it will automatically add a valid let’s encrypt ssl certificate for hestia backend.

#14

Thank you for the ultra fast Sunday reply…
Nice hint I will report when I’m at home.

Update:
i cannot believe that it is so easy. great work what you did here. Thank you for that.
It worked, simply enter

v-add-letsencrypt-host

then the letsencrypt cert is used for panel no need to buy some cert elsewhere.

i use ubuntu 18.04 and first time i installed this HestiaCP i encountered the problem with Publickey due to missing gnugp2 package solvable easily with
sudo apt install gnupg2

i have another little problem i think i will open new thread so that others can perhaps benefit from my very good first experience with your software.
Best regards Markus

1 Like
#15

Hi Markus

Thanks for the hint with gnupg2, I’ve added it to the installer.

1 Like
#16

i reinstalled recently
in v 1.0.5 the gnupg2 is still not included
i have seen you discussed with some guys about that include

what is the result of that?

#17

The change was in master branch, not release. It will be released with 1.1.0.

#18

ok , i have second installation with hestia panel
i upgraded to branch master successfully and now have 1.1.0
by the way the user is quite big in my installation

big-user
big-user.PNG2234×1315 157 KB

the question is
that the upgrade was successful but
i do have old config

selection
selection.PNG2071×1455 120 KB

i found a migration script

but i do not know how to execute it… or is it neccessary?

UPDATE: I better should have opened a new topic?
when you want then delete after reply

#19

A upgrade to 1.1.0 is not a good idea for productive servers. You should just be able to execute the script for the migration.