Prerequisites
Before installing a wildcard SSL certificate, make sure you have:
- Admin access to HestiaCP
- A wildcard SSL certificate (from Let's Encrypt or a commercial CA)
- DNS access for domain validation
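💡 A wildcard certificate for *.example.com secures every first-level subdomain (blog.example.com, shop.example.com, etc.). The main domain example.com is covered only when it is also listed on the certificate, and deeper names such as a.b.example.com are not covered.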
Method 1: Get Let's Encrypt Wildcard SSL (DNS Challenge)
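Let's Encrypt issues wildcard certificates only through DNS verification. Connect to the server via SSH and request a certificate for both the wildcard and the main domain (the wildcard is quoted so the shell does not expand it):
ssh hxroot@YOUR_SERVER_IP -p 22
certbot certonly --manual --preferred-challenges dns -d '*.example.com' -d example.com
Follow the prompts to add a TXT record to your DNS. Once the record is verified, the certificate is issued.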
Install Wildcard SSL via HestiaCP Web Interface
Step 1: Log in to HestiaCP
https://YOUR_SERVER_IP:8083
Step 2: Navigate to WEB Section
Click on WEB in the top menu bar.
Step 3: Select Domain
Click on your main domain.
Step 4: Go to SSL Tab
Click on the SSL tab.
Step 5: Upload Wildcard Certificate
Toggle SSL Support to ON, then click Install/Update Certificate.
Select Install custom certificate and paste:
- Certificate (CRT): Your wildcard certificate content
- Private Key (KEY): Your private key
- Certificate Authority (CA): Intermediate certificate (if any)
Step 6: Save
Click Save to apply.
Install via SSH Command Line
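# v-add-web-domain-ssl takes USER DOMAIN SSL_DIR; SSL_DIR must hold example.com.crt, example.com.key and (optionally) example.com.ca
/usr/local/hestia/bin/v-add-web-domain-ssl admin example.com /path/to/ssl_dir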
Verify Wildcard SSL
curl -I https://blog.example.com
curl -I https://shop.example.com
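Both requests should return HTTP headers without a certificate error; curl refuses the connection if the certificate is invalid or does not match the hostname.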
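To see which hostnames the installed certificate covers before testing each one with curl, the following added example (not part of the original page) reads the names from the certificate file and applies the one-label wildcard rule. The function names are illustrative, and cert_names assumes OpenSSL 1.1.1 or later for the -ext option.

```shell
#!/bin/sh
# Added example: which hostnames does a certificate's SAN list actually cover?

# san_covers PATTERN HOST: succeed if certificate name PATTERN covers HOST.
# A leading "*." matches exactly one DNS label, so *.example.com covers
# blog.example.com but neither example.com nor a.b.example.com.
san_covers() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $pattern in
        '*.'*)
            suffix=${pattern#\*}                  # e.g. ".example.com"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            [ -n "$label" ] || return 1           # the wildcard needs a label
            case $label in *.*) return 1 ;; esac  # and only a single one
            return 0 ;;
        *) [ "$pattern" = "$host" ] ;;
    esac
}

# covered_by NAMES HOST: succeed if any name in the newline-separated list covers HOST.
covered_by() {
    while IFS= read -r name; do
        if san_covers "$name" "$2"; then return 0; fi
    done <<EOF
$1
EOF
    return 1
}

# cert_names FILE: print the DNS names from the first certificate in FILE.
cert_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# check_cert FILE HOST...: report each host; 1 if any is uncovered, 2 if no names were read.
check_cert() {
    file=$1; shift
    names=$(cert_names "$file"); [ -n "$names" ] || return 2
    rc=0
    for h in "$@"; do
        if covered_by "$names" "$h"; then echo "covered      $h"
        else echo "NOT covered  $h"; rc=1; fi
    done
    return $rc
}
# Usage: check_cert /path/to/fullchain.pem example.com blog.example.com a.b.example.com
```

A "NOT covered" line for example.com means the certificate was issued for the wildcard name only and needs to be reissued with the main domain included.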
✅ Wildcard SSL has been installed successfully!