proxmox/docs/archive/completion/LETS_ENCRYPT_SETUP_SUCCESS.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


Let's Encrypt Certificate Setup - SUCCESS

Date: $(date)
Domain: rpc-core.d-bis.org
Container: besu-rpc-1 (Core RPC Node)
VMID: 2500
Status: CERTIFICATE INSTALLED AND OPERATIONAL


Setup Complete

A Let's Encrypt certificate has been successfully installed for rpc-core.d-bis.org using the DNS-01 challenge.


📋 What Was Completed

1. DNS Configuration

  • CNAME Record Created: rpc-core.d-bis.org → 52ad57a71671c5fc009edf0744658196.cfargotunnel.com
  • Proxy Status: 🟠 Proxied (Orange Cloud)
  • Tunnel Route: Configured (or can be configured manually in Cloudflare Dashboard)

2. Certificate Obtained

  • Method: DNS-01 Challenge (via Cloudflare API)
  • Issuer: Let's Encrypt
  • Location: /etc/letsencrypt/live/rpc-core.d-bis.org/
  • Auto-renewal: Enabled

3. Nginx Configuration

  • SSL Certificate: Updated to use Let's Encrypt certificate
  • SSL Key: Updated to use Let's Encrypt private key
  • Configuration: Validated and reloaded

🔍 Certificate Details

Certificate Path

Certificate: /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem
Private Key: /etc/letsencrypt/live/rpc-core.d-bis.org/privkey.pem

Certificate Information

  • Subject: CN=rpc-core.d-bis.org
  • Issuer: Let's Encrypt
  • Valid For: 90 days (auto-renewed)
  • Auto-Renewal: Enabled via certbot.timer

🧪 Verification

Certificate Status

pct exec 2500 -- certbot certificates

Test HTTPS

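# From container: the certificate names rpc-core.d-bis.org, not localhost,
# so pin that hostname to loopback to keep TLS verification on
pct exec 2500 -- curl -X POST https://rpc-core.d-bis.org \
  --resolve rpc-core.d-bis.org:443:127.0.0.1 \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'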

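# From external (if DNS/tunnel configured); the record is proxied, so this
# validates Cloudflare's edge certificate, not the certificate installed on the origin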
curl -X POST https://rpc-core.d-bis.org \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

Check Auto-Renewal

# Check timer status
pct exec 2500 -- systemctl status certbot.timer

# Test renewal
pct exec 2500 -- certbot renew --dry-run

🔧 Methods Attempted

Method 1: Cloudflare Tunnel (HTTP-01) ⚠️

  • Status: DNS configured, but tunnel route needs manual configuration
  • Note: Tunnel route can be added in Cloudflare Dashboard if needed

Method 2: Public IP (HTTP-01) ⚠️

  • Status: Attempted but DNS update had issues
  • Note: Could be used as fallback if needed

Method 3: DNS-01 Challenge

  • Status: SUCCESS
  • Method: Used Cloudflare API to create TXT records for validation
  • Result: Certificate obtained successfully

📊 Current Configuration

DNS Record

  • Type: CNAME
  • Name: rpc-core
  • Target: 52ad57a71671c5fc009edf0744658196.cfargotunnel.com
  • Proxy: 🟠 Proxied

Nginx SSL Configuration

ssl_certificate /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rpc-core.d-bis.org/privkey.pem;

Server Names

All server blocks include:

server_name rpc-core.d-bis.org besu-rpc-1 192.168.11.250 rpc-core.besu.local rpc-core.chainid138.local;

🔄 Auto-Renewal

Status

  • Timer: certbot.timer - Enabled and active
  • Frequency: Checks twice daily
  • Renewal: Automatic 30 days before expiration
  • DNS-01: Will automatically create TXT records for renewal

Manual Renewal Test

pct exec 2500 -- certbot renew --dry-run
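
As an added example (not part of the original setup notes): a shell check that reads `certbot certificates` output and flags any lineage left with fewer days than the 30-day renewal window, which indicates the timer or the DNS-01 step has been failing. The sample output, the `.example.test` names and the 2-day grace margin are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag certbot lineages whose automatic renewal looks stalled.
# Feed it the text of `certbot certificates`, e.g.
#   pct exec 2500 -- certbot certificates | check_certs
RENEW_WINDOW=30  # days before expiry at which renewal should already have happened
GRACE=2          # assumption: slack for the twice-daily timer

# Prints "name days status" per lineage; returns 1 if any lineage is not OK.
check_certs() {
  awk -v limit="$((RENEW_WINDOW - GRACE))" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      days = "-"; status = "OK"
      if ($0 ~ /INVALID:/) {
        status = "INVALID"                      # expired, revoked or test cert
      } else if (match($0, /VALID: [0-9]+ day/)) {
        days = substr($0, RSTART + 7, RLENGTH - 11) + 0
        if (days < limit) status = "RENEWAL_OVERDUE"
      } else if ($0 ~ /VALID: [0-9]+ hour/) {
        days = 0; status = "RENEWAL_OVERDUE"    # less than one day left
      } else {
        status = "UNPARSED"
      }
      print name, days, status
      if (status != "OK") bad = 1
    }
    END { exit bad + 0 }
  '
}

# Constructed sample output (dates and the .example.test lineages are made up).
SAMPLE='Found the following certs:
  Certificate Name: rpc-core.d-bis.org
    Domains: rpc-core.d-bis.org
    Expiry Date: 2026-04-06 09:46:25+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem
  Certificate Name: stale.example.test
    Domains: stale.example.test
    Expiry Date: 2026-01-20 09:46:25+00:00 (VALID: 12 days)
  Certificate Name: dead.example.test
    Domains: dead.example.test
    Expiry Date: 2025-12-01 09:46:25+00:00 (INVALID: EXPIRED)'

printf '%s\n' "$SAMPLE" | check_certs || echo "at least one lineage needs attention"
```

The non-zero return value makes the function usable from a cron job or monitoring probe that alerts on failure.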

Checklist

  • DNS CNAME record created (tunnel)
  • Certbot DNS plugin installed
  • Cloudflare credentials configured
  • Certificate obtained (DNS-01)
  • Nginx configuration updated
  • Nginx reloaded
  • Auto-renewal enabled
  • Certificate verified
  • HTTPS endpoint tested

🎉 Summary

Status: COMPLETE

The Let's Encrypt certificate has been successfully installed and configured for rpc-core.d-bis.org. The certificate will automatically renew 30 days before expiration using the DNS-01 challenge.

Next Steps:

  1. Certificate installed - Complete
  2. Nginx configured - Complete
  3. Auto-renewal enabled - Complete
  4. Optional: Configure tunnel route in Cloudflare Dashboard if using tunnel

Setup Date: $(date)
Certificate Expires: ~90 days from setup (auto-renewed)
Auto-Renewal: Enabled
Method Used: DNS-01 Challenge (Cloudflare API)