proxmox/docs/archive/completion/LETS_ENCRYPT_SETUP_SUCCESS.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


# Let's Encrypt Certificate Setup - SUCCESS ✅
**Date**: $(date)
**Domain**: `rpc-core.d-bis.org`
**Container**: besu-rpc-1 (Core RPC Node)
**VMID**: 2500
**Status**: ✅ **CERTIFICATE INSTALLED AND OPERATIONAL**
---
## ✅ Setup Complete
Let's Encrypt certificate has been successfully installed for `rpc-core.d-bis.org` using **DNS-01 challenge**.
---
## 📋 What Was Completed
### 1. DNS Configuration ✅
- **CNAME Record Created**: `rpc-core.d-bis.org` → `52ad57a71671c5fc009edf0744658196.cfargotunnel.com`
- **Proxy Status**: 🟠 Proxied (Orange Cloud)
- **Tunnel Route**: Configured (or can be configured manually in Cloudflare Dashboard)
### 2. Certificate Obtained ✅
- **Method**: DNS-01 Challenge (via Cloudflare API)
- **Issuer**: Let's Encrypt
- **Location**: `/etc/letsencrypt/live/rpc-core.d-bis.org/`
- **Auto-renewal**: Enabled
### 3. Nginx Configuration ✅
- **SSL Certificate**: Updated to use Let's Encrypt certificate
- **SSL Key**: Updated to use Let's Encrypt private key
- **Configuration**: Validated and reloaded
---
## 🔍 Certificate Details
### Certificate Path
```
Certificate: /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem
Private Key: /etc/letsencrypt/live/rpc-core.d-bis.org/privkey.pem
```
### Certificate Information
- **Subject**: CN=rpc-core.d-bis.org
- **Issuer**: Let's Encrypt
- **Valid For**: 90 days (auto-renewed)
- **Auto-Renewal**: Enabled via certbot.timer
---
## 🧪 Verification
### Certificate Status
```bash
pct exec 2500 -- certbot certificates
```
### Test HTTPS
```bash
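# From container (--resolve keeps the hostname the certificate was issued for,
# so TLS verification passes while connecting to the local Nginx)
pct exec 2500 -- curl -X POST https://rpc-core.d-bis.org \
--resolve rpc-core.d-bis.org:443:127.0.0.1 \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'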
# From external (if DNS/tunnel configured)
curl -X POST https://rpc-core.d-bis.org \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
```
### Check Auto-Renewal
```bash
# Check timer status
pct exec 2500 -- systemctl status certbot.timer
# Test renewal
pct exec 2500 -- certbot renew --dry-run
```
---
## 🔧 Methods Attempted
### Method 1: Cloudflare Tunnel (HTTP-01) ⚠️
- **Status**: DNS configured, but tunnel route needs manual configuration
- **Note**: Tunnel route can be added in Cloudflare Dashboard if needed
### Method 2: Public IP (HTTP-01) ⚠️
- **Status**: Attempted but DNS update had issues
- **Note**: Could be used as fallback if needed
### Method 3: DNS-01 Challenge ✅
- **Status**: **SUCCESS**
- **Method**: Used Cloudflare API to create TXT records for validation
- **Result**: Certificate obtained successfully
---
## 📊 Current Configuration
### DNS Record
- **Type**: CNAME
- **Name**: `rpc-core`
- **Target**: `52ad57a71671c5fc009edf0744658196.cfargotunnel.com`
- **Proxy**: 🟠 Proxied
### Nginx SSL Configuration
```
ssl_certificate /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rpc-core.d-bis.org/privkey.pem;
```
### Server Names
All server blocks include:
```
server_name rpc-core.d-bis.org besu-rpc-1 192.168.11.250 rpc-core.besu.local rpc-core.chainid138.local;
```
---
## 🔄 Auto-Renewal
### Status
- **Timer**: `certbot.timer` - Enabled and active
- **Frequency**: Checks twice daily
- **Renewal**: Automatic 30 days before expiration
- **DNS-01**: Will automatically create TXT records for renewal
### Manual Renewal Test
```bash
pct exec 2500 -- certbot renew --dry-run
```
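A monitoring check for the auto-renewal described above, added here as an example (not part of the original document or its repository): it parses `certbot certificates` output and fails when a certificate has fewer days left than an alert threshold or is marked invalid. The function name, the 20-day threshold and the sample output are assumptions constructed for illustration.

```bash
# Added example: detect a stalled renewal from `certbot certificates` output.
# certbot renews once fewer than 30 days remain, so a certificate well below
# that (default 20 days, an assumed alert threshold) or marked INVALID means
# the timer or the DNS-01 step has been failing.
check_cert_expiry() {
  awk -v min="${1:-20}" '
    /Certificate Name:/ { name = $NF }
    /Expiry Date:/ {
      if (match($0, /\(VALID: [0-9]+ days?\)/)) {
        s = substr($0, RSTART, RLENGTH)
        gsub(/[^0-9]/, "", s)        # keep only the day count
        days = s + 0
      } else if ($0 ~ /\(VALID: [0-9]+ hour/) {
        days = 0                     # less than one day left
      } else {
        printf "FAIL %s status=invalid\n", name; bad = 1; next
      }
      if (days < min) { printf "FAIL %s days_left=%d\n", name, days; bad = 1 }
      else            { printf "OK %s days_left=%d\n", name, days }
    }
    END { exit bad + 0 }             # non-zero exit if any certificate failed
  '
}

# Constructed sample output (not captured from the host on this page).
sample_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: rpc-core.d-bis.org
    Domains: rpc-core.d-bis.org
    Expiry Date: 2026-04-06 09:46:25+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/rpc-core.d-bis.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/rpc-core.d-bis.org/privkey.pem
  Certificate Name: stale.example.test
    Domains: stale.example.test
    Expiry Date: 2026-01-15 09:46:25+00:00 (VALID: 9 days)
  Certificate Name: dead.example.test
    Domains: dead.example.test
    Expiry Date: 2025-12-01 09:46:25+00:00 (INVALID: EXPIRED)
EOF
}

# Demo on the sample. On the Proxmox host, feed it real output instead:
#   pct exec 2500 -- certbot certificates | check_cert_expiry 20
sample_output | check_cert_expiry 20 || echo "renewal needs attention"
```

Run from cron or a monitoring agent, the non-zero exit status gives an alert that does not depend on `certbot.timer` itself reporting its own failure.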
---
## ✅ Checklist
- [x] DNS CNAME record created (tunnel)
- [x] Certbot DNS plugin installed
- [x] Cloudflare credentials configured
- [x] Certificate obtained (DNS-01)
- [x] Nginx configuration updated
- [x] Nginx reloaded
- [x] Auto-renewal enabled
- [x] Certificate verified
- [x] HTTPS endpoint tested
---
## 🎉 Summary
**Status**: ✅ **COMPLETE**
The Let's Encrypt certificate has been successfully installed and configured for `rpc-core.d-bis.org`. The certificate will automatically renew 30 days before expiration using DNS-01 challenge.
**Next Steps**:
1. ✅ Certificate installed - Complete
2. ✅ Nginx configured - Complete
3. ✅ Auto-renewal enabled - Complete
4. Optional: Configure tunnel route in Cloudflare Dashboard if using tunnel
---
**Setup Date**: $(date)
**Certificate Expires**: ~90 days from setup (auto-renewed)
**Auto-Renewal**: ✅ Enabled
**Method Used**: DNS-01 Challenge (Cloudflare API)