[Bug] SSL is not installing

[RitZz48]

Describe the bug

https://user-images.githubusercontent.com/102799834/176957437-6c421323-f4ee-47e0-bdeb-3bdad24aaf06.mp4

Issue with CloudFlare SSL installation for the panel subdomain. Whenever I try to save it, it prints successful but doesn't save the SSL. as shown in the video above.

Tell us how to replicate the bug

Not sure, But since its occuring to me whenever I try to add Cloudflare SSL. I assume it'll be the same for you?

Which components are affected by this bug?

Control Panel Backend, Control Panel Installation or Upgrade, Control Panel Web Interface, Let's Encrypt SSL

Hestia Control Panel Version

1.6.2

Operating system

Ubuntu 20.04.4 LTS

Log capture

No response

[schmerold]

Deleting "verifications" section from /usr/local/hestia/bin/v-add-web-domain-ssl allows the command line SSL installer to do its job. I am using the SSL CA as downloaded from https://developers.cloudflare.com/ssl/static/origin_ca_rsa_root.pem Hestia reports that it's invalid. Disabling verifications allows everything to work.

[jaapmarcus]

https://github.com/hestiacp/hestiacp/blob/e1e095af4b9cdc7a901af49024e59ffab9705434/bin/v-add-web-domain-ssl#L60

If you include the CF root certificate it should work fine

[schmerold]

I did include the CF root certificate. I have been using Hestia with CF certificates for some time, a recent update broke things.

[jaapmarcus]

@RitZz48 In your case your are missing the root certificates from Cloudlfare they should be included as the chain is not valid.

[ioannidesalex]

Did you put the origin from CA from Cloudflare at the last (third) box?

[ioannidesalex]

Sorry I just noticed its for thr panel. You need to put it just below the SSL certificate in the first box.

[ioannidesalex]

Btw @jaapmarcus there was a bug with Cloudflare not displaying correctly in the very early HestiaCP versions. However SSL was working properly. But that was fixed long time ago.

[schmerold]

@ioannidesalex - yes, I pasted in the origin certificate. I has worked in the past, this time, I get an invalid certificate error. It worked properly on June 17, something broke between then and now. I am running Debian 11, perhaps there is an issue with openssl.

[RitZz48]

Sorry I just noticed its for thr panel. You need to put it just below the SSL certificate in the first box.

So like Paste the normal ceritificate and then root certificate with 'enter' in between?

[schmerold]

Top two boxes from https://dash.cloudflare.com/guid/domain.com/ssl-tls/client-certificates/form Bottom box from https://developers.cloudflare.com/ssl/static/origin_ca_rsa_root.pem

[jaapmarcus]

You can also insert the .pem + root file in the top box

And the key in the last box.

Also I am not able to replicate the behaviour where it saves and return no error.. and it didn't save. Always an error is visible.

[benzntech]

@ioannidesalex @RitZz48 , Follow the instruction on the youtube works,. https://youtu.be/BK7qyPa-VmI?t=434 To do this, you can add the Cloudflare certificate authority to your server like this:

sudo su -

wget https://developers.cloudflare.com/ssl/static/origin_ca_rsa_root.pem

mv origin_ca_rsa_root.pem origin_ca_rsa_root.crt

cp origin_ca_rsa_root.crt /usr/local/share/ca-certificates

update-ca-certificates

@jaapmarcus Experience a UI issue while updating the SSL in the configure. Same UI issue as the youtube reference https://youtu.be/BK7qyPa-VmI?t=644