# Let's Encrypt Certificate Configuration Guide **Date**: 2026-01-21 **Status**: ✅ **Authentication Working** - Manual configuration required --- ## Current Status ### ✅ What's Working - **External access**: ✅ Working (HTTP/2 200) - **Authentication**: ✅ Working (credentials found and tested) - **NPMplus API**: ✅ Accessible ### ⚠️ What Needs Manual Configuration - **Let's Encrypt Certificate**: Needs to be created via web UI - **Certificate Assignment**: Needs to be assigned to proxy host --- ## NPMplus Credentials **Found in**: `/home/intlc/projects/proxmox/.env` - **Email**: `nsatoshi2007@hotmail.com` - **Password**: `L@ker$2010` (plain text) - **Password Hash**: `ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72` (for API) **Note**: NPMplus API uses cookie-based authentication (token in Set-Cookie header) --- ## Manual Configuration Steps ### Step 1: Access NPMplus Dashboard 1. **Open browser**: `https://192.168.11.167:81` 2. **Login**: - Email: `nsatoshi2007@hotmail.com` - Password: `L@ker$2010` ### Step 2: Create Let's Encrypt Certificate 1. Click **"SSL Certificates"** in left menu 2. Click **"Add SSL Certificate"** button 3. Select **"Let's Encrypt"** 4. Fill in: - **Domain Names**: `explorer.d-bis.org` - **Email**: `nsatoshi2007@hotmail.com` - **Agree to Terms of Service**: ✅ Check 5. Click **"Save"** 6. **Wait 1-2 minutes** for certificate issuance ### Step 3: Assign Certificate to Proxy Host 1. Click **"Proxy Hosts"** in left menu 2. Find and click **"explorer.d-bis.org"** 3. Scroll to **"SSL Certificate"** section 4. Select the Let's Encrypt certificate you just created 5. Enable: - ✅ **Force SSL** (redirects HTTP to HTTPS) - ✅ **HTTP/2 Support** - ✅ **HSTS Enabled** (optional but recommended) 6. Click **"Save"** ### Step 4: Verify Wait 10-30 seconds for NPMplus to reload nginx, then test: ```bash # Should work without -k flag curl -I https://explorer.d-bis.org # Should return HTTP 200, 301, or 302 # Should NOT show SSL certificate error ``` --- ## Automated Script Status ### Scripts Created 1. **`scripts/configure-letsencrypt-cert.sh`** - ✅ Authentication working - ⚠️ API returns empty proxy hosts list - Status: Needs proxy host to exist in API 2. **`scripts/configure-letsencrypt-cert-db.sh`** - ⚠️ Database path needs verification - Status: Database location unclear ### Recommendation **Use manual configuration via web UI** - it's the most reliable method and takes only 2-3 minutes. --- ## Troubleshooting ### If Certificate Request Fails 1. **Check DNS**: Ensure `explorer.d-bis.org` resolves to `76.53.10.36` ```bash dig +short explorer.d-bis.org A ``` 2. **Check Port Forwarding**: Ensure ports 80/443 are forwarded correctly - UDM Pro → 192.168.11.167:80/443 3. **Check Firewall**: Ensure UDM Pro allows Let's Encrypt validation - Let's Encrypt needs access to port 80 for validation 4. **Check NPMplus Logs**: ```bash ssh root@r630-01 pct exec 10233 -- docker logs npmplus --tail 50 | grep -i cert ``` ### If Certificate Exists But Not Working 1. **Check Certificate Status** in NPMplus dashboard 2. **Verify Certificate is Assigned** to proxy host 3. **Check NPMplus nginx** is reloaded 4. **Wait 30 seconds** after assignment --- ## Summary **Status**: ⚠️ **MANUAL CONFIGURATION REQUIRED** **Action**: 1. Access NPMplus dashboard at `https://192.168.11.167:81` 2. Login with credentials from `.env` file 3. Create Let's Encrypt certificate for `explorer.d-bis.org` 4. Assign certificate to proxy host 5. Enable Force SSL and HTTP/2 **Time Required**: 2-3 minutes --- **Next Step**: Access NPMplus dashboard and configure certificate manually