d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
explorer-monorepo/LETSENCRYPT_CONFIGURATION_GUIDE.md

145 lines
3.7 KiB
Markdown
Raw Permalink Blame History

# Let's Encrypt Certificate Configuration Guide
**Date**: 2026-01-21
**Status**: ✅ **Authentication Working** - Manual configuration required
---
## Current Status
### ✅ What's Working
- **External access**: ✅ Working (HTTP/2 200)
- **Authentication**: ✅ Working (credentials found and tested)
- **NPMplus API**: ✅ Accessible
### ⚠️ What Needs Manual Configuration
- **Let's Encrypt Certificate**: Needs to be created via web UI
- **Certificate Assignment**: Needs to be assigned to proxy host
---
## NPMplus Credentials
**Found in**: `/home/intlc/projects/proxmox/.env`
- **Email**: `nsatoshi2007@hotmail.com`
- **Password**: `L@ker$2010` (plain text)
- **Password Hash**: `ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72` (for API)
**Note**: NPMplus API uses cookie-based authentication (token in Set-Cookie header)
---
## Manual Configuration Steps
### Step 1: Access NPMplus Dashboard
1. **Open browser**: `https://192.168.11.167:81`
2. **Login**:
- Email: `nsatoshi2007@hotmail.com`
- Password: `L@ker$2010`
### Step 2: Create Let's Encrypt Certificate
1. Click **"SSL Certificates"** in left menu
2. Click **"Add SSL Certificate"** button
3. Select **"Let's Encrypt"**
4. Fill in:
- **Domain Names**: `explorer.d-bis.org`
- **Email**: `nsatoshi2007@hotmail.com`
- **Agree to Terms of Service**: ✅ Check
5. Click **"Save"**
6. **Wait 1-2 minutes** for certificate issuance
### Step 3: Assign Certificate to Proxy Host
1. Click **"Proxy Hosts"** in left menu
2. Find and click **"explorer.d-bis.org"**
3. Scroll to **"SSL Certificate"** section
4. Select the Let's Encrypt certificate you just created
5. Enable:
-**Force SSL** (redirects HTTP to HTTPS)
-**HTTP/2 Support**
-**HSTS Enabled** (optional but recommended)
6. Click **"Save"**
### Step 4: Verify
Wait 10-30 seconds for NPMplus to reload nginx, then test:
```bash
# Should work without -k flag
curl -I https://explorer.d-bis.org
# Should return HTTP 200, 301, or 302
# Should NOT show SSL certificate error
```
---
## Automated Script Status
### Scripts Created
1. **`scripts/configure-letsencrypt-cert.sh`**
- ✅ Authentication working
- ⚠️ API returns empty proxy hosts list
- Status: Needs proxy host to exist in API
2. **`scripts/configure-letsencrypt-cert-db.sh`**
- ⚠️ Database path needs verification
- Status: Database location unclear
### Recommendation
**Use manual configuration via web UI** - it's the most reliable method and takes only 2-3 minutes.
---
## Troubleshooting
### If Certificate Request Fails
1. **Check DNS**: Ensure `explorer.d-bis.org` resolves to `76.53.10.36`
```bash
dig +short explorer.d-bis.org A
```
2. **Check Port Forwarding**: Ensure ports 80/443 are forwarded correctly
- UDM Pro → 192.168.11.167:80/443
3. **Check Firewall**: Ensure UDM Pro allows Let's Encrypt validation
- Let's Encrypt needs access to port 80 for validation
4. **Check NPMplus Logs**:
```bash
ssh root@r630-01
pct exec 10233 -- docker logs npmplus --tail 50 | grep -i cert
```
### If Certificate Exists But Not Working
1. **Check Certificate Status** in NPMplus dashboard
2. **Verify Certificate is Assigned** to proxy host
3. **Check NPMplus nginx** is reloaded
4. **Wait 30 seconds** after assignment
---
## Summary
**Status**: ⚠️ **MANUAL CONFIGURATION REQUIRED**
**Action**:
1. Access NPMplus dashboard at `https://192.168.11.167:81`
2. Login with credentials from `.env` file
3. Create Let's Encrypt certificate for `explorer.d-bis.org`
4. Assign certificate to proxy host
5. Enable Force SSL and HTTP/2
**Time Required**: 2-3 minutes
---
**Next Step**: Access NPMplus dashboard and configure certificate manually
Reference in New Issue View Git Blame Copy Permalink