campimp

trying to build some sites after being away awhile, having trouble with SSL for wildcard subs

I'm struggling to find a solution. I am starting with a VPS that has Hestia control panel, and SSL is turned on for domain.com, but I can't find how to make it work for wildcard.domain.com

any tips would be greatly appreciated

money biz

I am pretty sure I done this in cloudflare.

TheLegacy

For Hestia Control Panel, here are your options for wildcard SSL certificates:

Using Let's Encrypt with DNS validation:

• Log into your Hestia Control Panel
• Go to the Web section and select your domain
• Click on "Edit" for the domain
• Under SSL Support, choose "Let's Encrypt"
• Enable the "Use DNS verification method" option
• Add a wildcard domain (*.domain.com) in the SSL Domains field
• Follow the DNS validation instructions

Using Cloudflare (as suggested):

• Sign up for a Cloudflare account
• Add your domain to Cloudflare
• Update your nameservers to Cloudflare's
• Enable the "Full" or "Full (strict)" SSL mode in Cloudflare
• Create a Page Rule for *.domain.com with "SSL" set to "Full"
• This will provide SSL for all subdomains without needing individual certificates

Manual certificate installation:

• Purchase a wildcard SSL certificate from a provider
• Generate a CSR on your server
• Upload the certificate files to Hestia
• Install via Web > domain > Edit > SSL Support > Custom SSL

If you're specifically looking to do this within Hestia without Cloudflare, the DNS validation method with Let's Encrypt is your best option as it supports wildcard certificates

__________________

campimp

Thank you,

TheLegacy... i liked your option inside hestia, although I'm not seeing "Enable the "Use DNS verification method" option"
I see:

Enable domain redirection
Enable SSL for this domain
Use Let's Encrypt to obtain SSL certificate
Enable automatic HTTPS redirection
Enable HTTP Strict Transport Security (HSTS)

TheLegacy

You're right, the DNS verification option might not be directly visible in your version of Hestia. There's another possible approach you can try for setting up wildcard SSL in Hestia:

• First, check your Hestia version - newer versions have better support for wildcard certificates.

• For wildcard SSL with Let's Encrypt in Hestia:
- Enable "SSL for this domain"
- Check "Use Let's Encrypt to obtain SSL certificate"
- In the "SSL Domains" field (which may appear after selecting Let's Encrypt), add both your domain.com and *.domain.com
- Save the changes

• If the above doesn't work directly through the UI, you can use the command line approach:

Replace "user" with your Hestia username and "domain.com" with your actual domain.

• If you don't see the wildcard option working through the UI, you might need to:
- Access your server via SSH
- Run the Let's Encrypt command manually with the --manual and --preferred-challenges=dns options
- Follow the DNS TXT record verification steps
- Import the resulting certificate into Hestia

• Alternatively, some users install the Hestia DNS Server plugin which can make the DNS verification process smoother for wildcard certificates.

If these steps don't work with your current Hestia setup, the Cloudflare method mentioned earlier is often the simplest workaround for wildcard SSL support.

Hope that helps and good luck with everything

__________________

campimp

I tried Cloudflare as mentioned, and it is working perfectly.

Thank you guys

In your experience, do you think there is any material SEO impact of using Cloudflare nameservers?

TheLegacy

From what I've seen, there's really no negative SEO impact from using Cloudflare nameservers. If anything, it might actually help a bit.

I've moved several sites to Cloudflare over the years and never saw rankings drop because of it. The speed improvements from their CDN can actually give you a small boost since page speed is a ranking factor.

Back in the early days (like 2011-2012), there were some crawler issues, but Cloudflare worked directly with Google to fix those problems. These days search engines handle Cloudflare sites without any issues.

Most case studies I've read show either no change or slight improvements after switching. The faster DNS resolution times and added security (preventing downtime from attacks) are nice bonuses too.

Google's totally fine with Cloudflare now - it's become so common that search engines have fully adapted to it. So I wouldn't worry about any SEO penalties from making the switch.

__________________

campimp

Thank you again for your time, it helped a lot, have a good week!

natkejs

One major benefit of using Cloudflare is also that you can do backend changes without negative effect on SEO.

I recently moved some sites between hosts, and there was a clear difference between sites that had their IPs changed vs those who moved seamlessly behind Cloudflare.

Unfortunately Cloudflare does not support wildcard domains for the proxy services unless you pay for an Enterprise account.

So any wildcard domain will have the real IP exposed.

__________________

natkejs

I went to double check on this, and it seems that they've changed this policy at some point in time which I have managed to completely overlook. Proxying for wildcard domains is now available for all plans.

Leaving the post up just in case someone else had the same wrong data based on previous policies.

__________________

2MuchMark

v-add-letsencrypt-domain user domain.com '*.domain.com' dns

__________________

Custom Software | Server Management | Integration and Technology Solutions
https://www.2much.net