proxmox/docs/archive/completion/LETS_ENCRYPT_RPC_2500_COMPLETE.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

Let's Encrypt Certificate Setup Complete - RPC-01 (VMID 2500)

Date: $(date)
Domain: rpc-core.d-bis.org
Container: besu-rpc-1 (Core RPC Node)
VMID: 2500
Status: CERTIFICATE INSTALLED


Setup Complete

Let's Encrypt certificate has been successfully installed for rpc-core.d-bis.org on VMID 2500.


📋 What Was Configured

1. Domain Configuration

  • Domain: rpc-core.d-bis.org
  • Added to Nginx server_name: All server blocks updated
  • DNS: Domain should resolve to 192.168.11.250 (a private address, reachable only from the local network) or be routed via Cloudflare Tunnel

2. Certificate Obtained

  • Type: Let's Encrypt (production)
  • Issuer: Let's Encrypt
  • Location: /etc/letsencrypt/live/rpc-core.d-bis.org/
  • Auto-renewal: Enabled

3. Nginx Configuration

  • SSL Certificate: Updated to use Let's Encrypt certificate
  • SSL Key: Updated to use Let's Encrypt private key
  • Configuration: Validated and reloaded

🔍 Certificate Details

Certificate Path

Certificate: /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem
Private Key: /etc/letsencrypt/live/rpc-core.d-bis.org/privkey.pem

Certificate Information

  • Subject: CN=rpc-core.d-bis.org
  • Issuer: Let's Encrypt
  • Valid For: 90 days (auto-renewed)
  • Auto-Renewal: Enabled via certbot.timer

🧪 Verification

Certificate Status

pct exec 2500 -- certbot certificates

Test HTTPS

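# From container: --resolve connects to the local Nginx while keeping the
# certificate's hostname, so TLS verification succeeds without disabling it
pct exec 2500 -- curl -X POST https://rpc-core.d-bis.org \
  --resolve rpc-core.d-bis.org:443:127.0.0.1 \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'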

# From external (if DNS configured)
curl -X POST https://rpc-core.d-bis.org \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

Check Auto-Renewal

# Check timer status
pct exec 2500 -- systemctl status certbot.timer

# Test renewal
pct exec 2500 -- certbot renew --dry-run

🔧 Management Commands

View Certificate

pct exec 2500 -- certbot certificates

Renew Certificate Manually

pct exec 2500 -- certbot renew

Force Renewal

# Renews every certificate regardless of expiry; counts against Let's Encrypt rate limits
pct exec 2500 -- certbot renew --force-renewal

Check Renewal Logs

# Renewal output is logged by certbot.service, the unit that certbot.timer triggers
pct exec 2500 -- journalctl -u certbot.service -n 20

🔄 Auto-Renewal

Status

  • Timer: certbot.timer - Enabled and active
  • Frequency: Checks twice daily
  • Renewal: Automatic 30 days before expiration

Manual Renewal Test

pct exec 2500 -- certbot renew --dry-run
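
A renewal monitor, as an added example that is not part of the original runbook: since certbot renews 30 days before expiration, a certificate with noticeably fewer days left means renewal is failing, so the function below flags that case and a hostname mismatch. `cert_health` and `make_sample_cert` are hypothetical helper names, the 21-day threshold is an assumed value, and the sample certificate is a constructed self-signed stand-in for fullchain.pem.

```shell
#!/bin/sh
# Added example (not from the original runbook).
# cert_health FILE HOST MIN_DAYS prints one of:
#   ok | hostname-mismatch | expiring | unreadable
# and returns non-zero for anything other than "ok".
cert_health() {
    ch_file=$1 ch_host=$2 ch_days=$3
    # Report unreadable or non-PEM input separately from a failed check.
    openssl x509 -in "$ch_file" -noout 2>/dev/null || { echo unreadable; return 2; }
    # -checkhost reports the result as text ("does match" / "does NOT match"),
    # so the output is inspected rather than the exit code.
    if ! openssl x509 -in "$ch_file" -noout -checkhost "$ch_host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo hostname-mismatch; return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$ch_file" -noout \
            -checkend $((ch_days * 86400)) >/dev/null 2>&1; then
        echo expiring; return 1
    fi
    echo ok
}

# Constructed sample input: a throwaway self-signed certificate for HOST,
# valid for DAYS days, written to OUT (private key goes to OUT.key).
make_sample_cert() {
    sc_host=$1 sc_days=$2 sc_out=$3
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$sc_days" \
        -subj "/CN=$sc_host" -keyout "$sc_out.key" -out "$sc_out" 2>/dev/null
}

# On the container, against the real certificate (assumed threshold: 21 days):
#   cert_health /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem \
#       rpc-core.d-bis.org 21
```

openssl reads only the first certificate in fullchain.pem, which is the leaf certificate for rpc-core.d-bis.org.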

📊 Nginx Configuration

SSL Certificate Paths

The Nginx configuration has been updated to use:

ssl_certificate /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rpc-core.d-bis.org/privkey.pem;

Server Names

All server blocks now include:

server_name rpc-core.d-bis.org besu-rpc-1 192.168.11.250 rpc-core.besu.local rpc-core.chainid138.local;

🌐 DNS Configuration

Required DNS Record

Option 1: Direct A Record

Type: A
Name: rpc-core
Domain: d-bis.org
Target: 192.168.11.250
TTL: Auto

Option 2: Cloudflare Tunnel (CNAME)

Type: CNAME
Name: rpc-core
Domain: d-bis.org
Target: <tunnel-id>.cfargotunnel.com
Proxy: 🟠 Proxied

Verify DNS

dig rpc-core.d-bis.org
nslookup rpc-core.d-bis.org

Checklist

  • Domain configured: rpc-core.d-bis.org
  • Nginx server_name updated
  • Certbot installed
  • Certificate obtained (production)
  • Nginx configuration updated
  • Nginx reloaded
  • Auto-renewal enabled
  • Certificate verified
  • HTTPS endpoint tested

🐛 Troubleshooting

Certificate Not Found

# List certificates
pct exec 2500 -- certbot certificates

# If missing, re-run:
pct exec 2500 -- certbot --nginx -d rpc-core.d-bis.org

Renewal Fails

# Check logs (renewal output is logged by certbot.service, which certbot.timer triggers)
pct exec 2500 -- journalctl -u certbot.service -n 50

# Test renewal manually
pct exec 2500 -- certbot renew --dry-run

DNS Not Resolving

# Check DNS
dig rpc-core.d-bis.org

# Verify DNS record exists in Cloudflare/your DNS provider


🎉 Summary

Status: COMPLETE

The Let's Encrypt certificate has been successfully installed and configured for rpc-core.d-bis.org. The certificate will automatically renew 30 days before expiration.

Next Steps:

  1. Verify DNS record points to the server (or via tunnel)
  2. Test HTTPS access from external clients
  3. Monitor auto-renewal (runs automatically)

Setup Date: $(date)
Certificate Expires: ~90 days from setup (auto-renewed)
Auto-Renewal: Enabled