SSL for panel problem

daffyy · July 1, 2019, 12:39am

Hi,
I have a question, how to get a letsencrypt certificate for the panel?

[email protected]:~# v-add-letsencrypt-host
Error: ssl certificate key pair is not valid
Error: domain panel1.daffyy.pro does not have an SSL certificate.

[email protected]:~# v-update-host-certificate admin panel1.daffyy.pro
Error: domain panel1.daffyy.pro does not have an SSL certificate.

and in panel when i tried check le and force https

Field "ssl certificate, ssl key" can not be blank.

How le can be added to hestiacp?

ScIT · July 1, 2019, 6:12am

Hello

It looks like you don’t have a valid cert under your hostname. Login as admin and try to add manually a let’s encrypt cert to your hostnames web domain.

If the process works properly, run v-update-host-certificate admin yourhostname again.

daffyy · July 1, 2019, 7:54pm

When i tick ssl -> lets encrypt in web tab in my domain:
Error: SSL is not enabled
next time:
Field "ssl certificate, ssl key" can not be blank.

Manual paste ssl to inputs in domain edit:
Error code: 3

What i can do?

ScIT · July 2, 2019, 6:15am

Please remove your hostname web domain (just delete it), then run v-add-letsencrypt-host without any arguments.

daffyy · July 2, 2019, 7:40am

Removed and command result:
[email protected]:~# v-add-letsencrypt-host Error: ssl certificate key pair is not valid Error: domain h1.daffyy.pro does not have an SSL certificate. [email protected]:~#

ScIT · July 2, 2019, 7:54am

Please send your login and ssh credentials to [email protected], so that we can have a look.

ScIT · July 2, 2019, 11:41am

You’ve got a Error: “Let’s Encrypt new auth status 429”

-> https://community.letsencrypt.org/t/too-many-registrations-for-this-ip-domains-error-status-429/58167

You’ve to wait a week, then try again to add a ssl certificate.

ScIT · July 2, 2019, 11:52am

This was a issue with the installed openssl version:

OpenSSL 1.1.1 11 Sep 2018
Error message:
Using default temp DH parameters
139656848691648:error:02004061:system library:socket:unknown:…/crypto/bio/b_sock2.c:49:
139656848691648:error:2008C076:BIO routines:BIO_socket:unable to create socket:…/crypto/bio/b_sock2.c:50:
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
0 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
0 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)

Was fixed running a apt update && apt upgrade, installed the version from sury repository:

OpenSSL 1.1.1c 28 May 2019

With the new version above, the check went trough properly:

Using default temp DH parameters
ACCEPT

So the issue is solved, also we’ve reworked the installer: https://github.com/hestiacp/hestiacp/commit/3bcd42d376b044d3e40fdc2ad37c08e2b4f1fa69

daffyy · July 2, 2019, 8:49pm

Next question about ssl,
how to use cloudflare ssl with hestiacp?
Cloudflare - protect leaking server ip but when i’m added domain to cloudflare & vestacp it’s working, but when forced ssl on cloudflare side not:

 Success!
Your new web server is ready to use.

its showing server default page not user page

alex · July 3, 2019, 6:09am

Hi daffyy,

I can assist you on this matter, however I will need access to review your Cloudflare settings. Is that possible?

daffyy · July 3, 2019, 6:48am

Nvm my bad, full SSL option on cf req. own SSL cert on server, changed to flexible and its ok