View Categories

How to Install Let’s Encrypt SSL in Hestia CP (Hostname, Admin Panel, and Email Server)

This guide helps you secure Hestia Control Panel, mail server, and the server hostname with a free Let’s Encrypt SSL certificate.

šŸ“Œ What Youā€™ll Achieve

  • Secure hostname access via HTTPS
  • Enable SSL for theĀ  Hestia Control Panel
  • Secure connections to your mail server (SMTP, IMAP, POP)

šŸ§± Prerequisites

  • HestiaCP must be installed and running
  • You must have root or sudo access
  • A valid domain andĀ  subdomain (hostname) with proper DNS A record pointing to your server IP
šŸ§© Step-by-Step Instructions
Ā Choose and Set a Valid Hostname

Use a subdomain of your main domain as hostname. Examples:

server1.example.com
mail.example.com
panel.domain.tld

Make sure the hostname has a valid A record in DNS.

Change the System Hostname

Run the following command as root:

v-change-sys-hostname server1.example.com

or 

hostnamectl set-hostname server1.example.com

Replace `server1.example.com` with your actual hostname.

Install Let’s Encrypt SSL for Hostname

Hestia provides a built-in script to apply SSL for:

Hestia Admin Panel (`:8083`)
Mail Server (Exim4, Dovecot)
Hostname access

Run the command:

v-add-letsencrypt-host

This will:

Request and install a Let’s Encrypt certificate

Apply it to the hostname, control panel, and mail services

Restart the necessary services

 

Ā Verification
Ā Admin Panel (Hestia)

Visit: https://server1.example.com:8083

šŸ”’ You should now see a valid SSL certificate .

Ā Mail Server

Your email client (Thunderbird, Outlook, etc.) should now use:

IMAP/POP/SMTPĀ  via `server1.example.com`
* Ports:

IMAP: 993 (SSL)
SMTP: 465 or 587 (SSL/TLS)
POP3: 995 (SSL)

If previously configured with self-signed certificates, update your email client to trust the new hostname.

Ā Optional: Renewing the SSL Certificate

Letā€™s Encrypt certificates auto-renew using `cron`. You can manually test renewal using:

v-add-letsencrypt-host

Or:

/usr/local/hestia/bin/v-update-letsencrypt-ssl
šŸ’” Notes

Ensure port 80 and 443 are open in your firewall for Let’s Encrypt to validate the hostname.
You may need to clear your browser cache or restart mail clients after SSL installation.

šŸ§¾ Conclusion

Youā€™ve now secured yourĀ  Hestia Control Panel ,Ā  mail server , andĀ  hostnameĀ  usingĀ  Letā€™s Encrypt SSL with just a couple of commands.