proxmox/docs/04-configuration/NPMPLUS_REQUEST_7_CERTS_VIA_UI.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


Request the 7 Missing NPMplus Certs via UI (DNS Cloudflare)

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation


Why: The NPM API only accepts domain_names + provider: "letsencrypt". It does not accept letsencrypt_email, credential_id, or method: "dns" in this version, so API-requested certs use HTTP challenge and often fail (same-day expiry, Inactive). The 19 working certs were issued in the NPM UI with DNS Challenge and Cloudflare.

Do this: Request a certificate in the NPM UI for each of the 7 hosts below, using DNS Challenge and your Cloudflare credential.


7 Hosts Without a Certificate

| Host ID | Domain                   |
|---------|--------------------------|
| 22      | cross-all.defi-oracle.io |
| 26      | rpc.d-bis.org            |
| 24      | rpc.defi-oracle.io       |
| 27      | rpc2.d-bis.org           |
| 28      | ws.rpc.d-bis.org         |
| 29      | ws.rpc2.d-bis.org        |
| 25      | wss.defi-oracle.io       |

Steps (for each host)

  1. Open NPMplus (e.g. https://192.168.11.167:81).
  2. Go to Hosts → click the host (e.g. cross-all.defi-oracle.io).
  3. Open the SSL tab.
  4. Click Request a new SSL Certificate (or Get a new certificate).
  5. Choose Use a DNS Challenge (or DNS Challenge).
  6. DNS Provider: Cloudflare.
  7. Credentials: Select the Cloudflare credential you added (the one with your “Credentials File Content”).
  8. Email: your Let's Encrypt contact email (e.g. from .env or the one you use in NPM).
  9. Agree to the Let's Encrypt ToS and submit.
  10. Wait for issuance (usually under a minute). Confirm Expires is ~90 days out and Status is Active.
  11. Repeat for the other 6 hosts.

Quick links: Run ./scripts/print-npmplus-7-cert-edit-urls.sh to print direct edit URLs (e.g. .../81/#/proxy-hosts/edit/22). Open each → SSL tab → Request certificate → DNS Challenge → Cloudflare.


After All 7 Are Done

  • Run ./scripts/list-npmplus-proxy-hosts-cert-status.sh → you should see With cert: 26, No cert: 0.
  • Run ./scripts/list-npmplus-certificates-status.sh → all 26 proxy hosts should have a cert with KEEP (in use, not expiring soon).
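
A client-side cross-check of the step 10 criteria, as an added example (not one of this repository's scripts): it classifies the certificate each of the 7 hosts actually serves, including the same-day-expiry symptom described under "Why". The 30-day threshold, the status labels, and reachability of the hosts on port 443 are assumptions.

```python
import socket
import ssl
import time

# The 7 hosts from the table on this page.
HOSTS = ["cross-all.defi-oracle.io", "rpc.d-bis.org", "rpc.defi-oracle.io",
         "rpc2.d-bis.org", "ws.rpc.d-bis.org", "ws.rpc2.d-bis.org",
         "wss.defi-oracle.io"]
MIN_DAYS_LEFT = 30  # assumption: alert threshold, not a value from this page


def _san_matches(san, hostname):
    """Exact match, or a wildcard SAN covering exactly one leading label."""
    san, hostname = san.lower(), hostname.lower()
    if san.startswith("*."):
        return hostname.partition(".")[2] == san[2:]
    return san == hostname


def classify(cert, hostname, now):
    """Classify a dict shaped like ssl.SSLSocket.getpeercert() output."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_san_matches(s, hostname) for s in sans):
        return "WRONG_HOST"
    if not_after - not_before < 86400:
        return "SAME_DAY_EXPIRY"  # the failed-issuance symptom named in "Why"
    if not_after <= now:
        return "EXPIRED"
    if (not_after - now) / 86400 < MIN_DAYS_LEFT:
        return "EXPIRING_SOON"
    return "OK"


def fetch_cert(hostname, port=443, timeout=5):
    """Fetch the served certificate; chain and hostname are verified."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for host in HOSTS:
        try:
            print(host, classify(fetch_cert(host), host, time.time()))
        except OSError as exc:  # includes ssl.SSLError (untrusted/failed cert)
            print(host, "TLS_FAIL", exc)
```

A host that still serves an untrusted or placeholder certificate fails verification in `fetch_cert` and is reported as `TLS_FAIL` rather than classified.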

See also: docs/04-configuration/NPM_SSL_DNS_CLOUDFLARE_TROUBLESHOOTING.md, scripts/certbot/print-cloudflare-credentials-from-env.sh.