Let's Encrypt Setup Status for RPC-01 (VMID 2500)
Date: $(date)
Status: ⚠️ REQUIRES PUBLIC DOMAIN
⚠️ Current Situation
Current Configuration
- Nginx domains: rpc-core.besu.local, rpc-core.chainid138.local
- Certificate: Self-signed (10-year validity)
- Status: Working for internal use
Problem
Let's Encrypt does NOT support .local domains. These domains:
- Are not publicly accessible
- Are not resolvable via public DNS
- Cannot be validated by Let's Encrypt
✅ What Was Prepared
1. Certbot Installed ✅
- Certbot and python3-certbot-nginx installed
- Ready to obtain certificates
2. Scripts Created ✅
- scripts/setup-letsencrypt-rpc-2500.sh - HTTP-01 challenge
- scripts/setup-letsencrypt-dns-01-rpc-2500.sh - DNS-01 challenge
- Both scripts ready to use
3. Documentation Created ✅
- docs/LETS_ENCRYPT_RPC_2500_GUIDE.md - Complete guide
- This status document
🔧 To Complete Let's Encrypt Setup
Required: Public Domain
You need a public domain (not .local). Examples:
- rpc-core.yourdomain.com
- rpc-core.d-bis.org
- rpc-core.chainid138.com
Option 1: HTTP-01 Challenge (Recommended if Port 80 Accessible)
Requirements:
- Public domain with A record pointing to server
- Port 80 accessible from internet
- Domain resolves correctly
Steps:
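# 1. Create DNS A record
# rpc-core.yourdomain.com → 192.168.11.250
# Note: 192.168.11.250 is a private (RFC 1918) address. For HTTP-01 the public
# A record must resolve to an address where Let's Encrypt can reach this server on port 80.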
# 2. Update Nginx server_name
pct exec 2500 -- sed -i 's/server_name.*rpc-core.besu.local.*;/server_name rpc-core.yourdomain.com rpc-core.besu.local 192.168.11.250;/' /etc/nginx/sites-available/rpc-core
# 3. Run script
./scripts/setup-letsencrypt-rpc-2500.sh rpc-core.yourdomain.com
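A pre-flight check for the two conditions above (a public name, and an A record that Let's Encrypt can reach), as an added example that is not one of the project's scripts. The function names are hypothetical, and the resolution step assumes glibc getent is available.

```shell
#!/bin/sh
# Added pre-flight check (hypothetical helper names, not the project's scripts).

# 0 if the name is one a public CA can validate: it has a dot and does not end
# in a special-use or private suffix such as .local.
is_public_name() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        *.local|*.localhost|*.internal|*.home.arpa|*.test|*.invalid|*.example) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the IPv4 address is not routable from the internet
# (RFC 1918, loopback, link-local, CGNAT 100.64.0.0/10).
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight DOMAIN [ADDR...]: 0 = HTTP-01 is plausible, 1 = name not public,
# 2 = no A record, 3 = A record points at a non-public address.
preflight() {
    domain=$1; shift
    if ! is_public_name "$domain"; then
        echo "FAIL: $domain is not a public DNS name; Let's Encrypt cannot validate it"; return 1
    fi
    if [ $# -eq 0 ]; then
        echo "FAIL: $domain has no A record"; return 2
    fi
    for addr in "$@"; do
        if is_private_ipv4 "$addr"; then
            echo "FAIL: $domain -> $addr is not reachable for HTTP-01; use DNS-01"; return 3
        fi
    done
    echo "OK: $domain -> $*"
}

# With a domain argument, resolve it through the local resolver (glibc getent)
# and check the result. Split-horizon DNS can differ from what the CA sees.
if [ $# -ge 1 ]; then
    preflight "$1" $(getent ahostsv4 "$1" | awk '{print $1}' | sort -u)
fi
```

A passing result only covers the name and address; port 80 reachability from the internet still has to be confirmed separately.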
Option 2: DNS-01 Challenge (If Port 80 Not Accessible)
Requirements:
- Public domain
- Cloudflare API token (or other DNS provider API)
- DNS API access
Steps:
# 1. Get Cloudflare API token
# Cloudflare Dashboard → My Profile → API Tokens → Create Token
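# 2. Run script
# (the token is passed as an argument, so it can end up in shell history and is
# visible in the process list while the script runs)
./scripts/setup-letsencrypt-dns-01-rpc-2500.sh rpc-core.yourdomain.com YOUR_API_TOKEN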
Option 3: Keep Self-Signed (For Internal Use)
If this is internal-only:
- ✅ Self-signed certificate works fine
- ✅ No external dependencies
- ✅ No browser warnings for internal tools
- ❌ Browser warnings for external users (if any)
No action needed - current setup is sufficient.
📋 Next Steps
If You Have a Public Domain
- Choose challenge method:
  - HTTP-01: If port 80 is accessible
  - DNS-01: If port 80 is not accessible
- Run appropriate script:
  # HTTP-01
  ./scripts/setup-letsencrypt-rpc-2500.sh rpc-core.yourdomain.com
  # DNS-01
  ./scripts/setup-letsencrypt-dns-01-rpc-2500.sh rpc-core.yourdomain.com YOUR_API_TOKEN
- Verify:
  pct exec 2500 -- certbot certificates
  curl -X POST https://rpc-core.yourdomain.com ...
If You Don't Have a Public Domain
Options:
- Register a domain (e.g., via Cloudflare, Namecheap, etc.)
- Use existing domain (if you have one)
- Keep self-signed (for internal use only)
🔍 Current Certificate Status
Type: Self-signed
Location: /etc/nginx/ssl/rpc.crt
Valid For: 10 years
Status: ✅ Working for internal use
To Replace:
- Need public domain
- Run Let's Encrypt setup script
- Certificate will be at: /etc/letsencrypt/live/<domain>/
📚 Documentation
- Let's Encrypt RPC 2500 Guide - Complete setup guide
- Nginx RPC 2500 Configuration - Nginx config
- Cloudflare DNS Configuration - DNS setup
✅ Summary
Status: ⚠️ READY BUT REQUIRES PUBLIC DOMAIN
- ✅ Certbot installed
- ✅ Scripts created
- ✅ Documentation complete
- ⏳ Waiting for: Public domain name
Current certificate: Self-signed (working for internal use)
To proceed: Provide a public domain name and run the appropriate script.
Last Updated: $(date)