d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
explorer-monorepo/LETSENCRYPT_CONFIGURATION_GUIDE.md

3.7 KiB
Raw Permalink Blame History

Let's Encrypt Certificate Configuration Guide

Date: 2026-01-21
Status: Authentication Working - Manual configuration required

Current Status

What's Working

  • External access: Working (HTTP/2 200)
  • Authentication: Working (credentials found and tested)
  • NPMplus API: Accessible

⚠️ What Needs Manual Configuration

  • Let's Encrypt Certificate: Needs to be created via web UI
  • Certificate Assignment: Needs to be assigned to proxy host

NPMplus Credentials

Found in: /home/intlc/projects/proxmox/.env

  • Email: nsatoshi2007@hotmail.com
  • Password: L@ker$2010 (plain text)
  • Password Hash: ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72 (for API)

Note: NPMplus API uses cookie-based authentication (token in Set-Cookie header)

Manual Configuration Steps

Step 1: Access NPMplus Dashboard

  1. Open browser: https://192.168.11.167:81
  2. Login:
    • Email: nsatoshi2007@hotmail.com
    • Password: L@ker$2010

Step 2: Create Let's Encrypt Certificate

  1. Click "SSL Certificates" in left menu
  2. Click "Add SSL Certificate" button
  3. Select "Let's Encrypt"
  4. Fill in:
    • Domain Names: explorer.d-bis.org
    • Email: nsatoshi2007@hotmail.com
    • Agree to Terms of Service: Check
  5. Click "Save"
  6. Wait 1-2 minutes for certificate issuance

Step 3: Assign Certificate to Proxy Host

  1. Click "Proxy Hosts" in left menu
  2. Find and click "explorer.d-bis.org"
  3. Scroll to "SSL Certificate" section
  4. Select the Let's Encrypt certificate you just created
  5. Enable:
    • Force SSL (redirects HTTP to HTTPS)
    • HTTP/2 Support
    • HSTS Enabled (optional but recommended)
  6. Click "Save"

Step 4: Verify

Wait 10-30 seconds for NPMplus to reload nginx, then test:

# Should work without -k flag
curl -I https://explorer.d-bis.org

# Should return HTTP 200, 301, or 302
# Should NOT show SSL certificate error

Automated Script Status

Scripts Created

  1. scripts/configure-letsencrypt-cert.sh

    • Authentication working
    • ⚠️ API returns empty proxy hosts list
    • Status: Needs proxy host to exist in API

  2. scripts/configure-letsencrypt-cert-db.sh

    • ⚠️ Database path needs verification
    • Status: Database location unclear

Recommendation

Use manual configuration via web UI - it's the most reliable method and takes only 2-3 minutes.

Troubleshooting

If Certificate Request Fails

  1. Check DNS: Ensure explorer.d-bis.org resolves to 76.53.10.36

    dig +short explorer.d-bis.org A

  2. Check Port Forwarding: Ensure ports 80/443 are forwarded correctly

    • UDM Pro → 192.168.11.167:80/443

  3. Check Firewall: Ensure UDM Pro allows Let's Encrypt validation

    • Let's Encrypt needs access to port 80 for validation

  4. Check NPMplus Logs:

    ssh root@r630-01
pct exec 10233 -- docker logs npmplus --tail 50 | grep -i cert

If Certificate Exists But Not Working

  1. Check Certificate Status in NPMplus dashboard
  2. Verify Certificate is Assigned to proxy host
  3. Check NPMplus nginx is reloaded
  4. Wait 30 seconds after assignment

Summary

Status: ⚠️ MANUAL CONFIGURATION REQUIRED

Action:

  1. Access NPMplus dashboard at https://192.168.11.167:81
  2. Login with credentials from .env file
  3. Create Let's Encrypt certificate for explorer.d-bis.org
  4. Assign certificate to proxy host
  5. Enable Force SSL and HTTP/2

Time Required: 2-3 minutes

Next Step: Access NPMplus dashboard and configure certificate manually

Reference in New Issue View Git Blame Copy Permalink