Enable SSL certs EVERYWHERE locally w/ Let's Encrypt
Posted: Fri Apr 24, 2026 5:46 pm
Create Cloudflare account and login.
Domains > Overview > Add Domain > domainhere.com
Wait for Cloudflare to delegate (it doesn't take too long; under 10 mins for me).
Change the Bluehost domains to use the Cloudflare NS (your CF NS hostnames could be different).
Code:
irma.ns.cloudflare.com
lou.ns.cloudflare.com

Check DNS delegation @ https://dnschecker.org/
Once complete, check the Cloudflare DNS records for consistency with the old records.
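A small script for the delegation check above, added here as an example and not part of the original post. It wraps a live `dig +short NS` lookup against a public resolver and keeps the parse/decision step pure so it can be checked offline; the two sample outputs and the old-host nameserver name are constructed, and EXPECTED_NS holds the two Cloudflare nameservers the post lists (yours may differ). The point of insisting on a clean answer is that a half-moved delegation leaves some resolvers asking the old servers, where the _acme-challenge TXT records NPM creates through the Cloudflare API will never appear, so DNS-01 validation fails intermittently.

```python
"""Confirm a domain's NS delegation has fully moved to Cloudflare before
requesting Let's Encrypt certificates via the DNS-01 challenge.

Added example (not from the original post). `query_ns` does a live lookup;
`parse_ns_short` and `delegation_complete` are pure and tested offline.
"""
from __future__ import annotations

import subprocess

# Cloudflare nameservers as given in the post; replace with the pair your
# zone was assigned.
EXPECTED_NS = {"irma.ns.cloudflare.com", "lou.ns.cloudflare.com"}

# Constructed sample outputs in the shape `dig +short NS` prints (one FQDN
# per line, trailing dot). Not real captures.
SAMPLE_MIXED = "irma.ns.cloudflare.com.\nns1.old-host.example.\n"
SAMPLE_DONE = "LOU.ns.cloudflare.com.\nirma.ns.cloudflare.com.\n"


def parse_ns_short(output: str) -> set[str]:
    """Normalise dig output: strip trailing dots, lowercase, drop blanks."""
    names: set[str] = set()
    for line in output.splitlines():
        name = line.strip().rstrip(".").lower()
        if name:
            names.add(name)
    return names


def delegation_complete(observed: set[str], expected: set[str] = EXPECTED_NS) -> bool:
    """True only when the answer is exactly the expected Cloudflare set.

    An empty answer (lookup failed or name does not exist) and a mixed
    answer that still lists a nameserver from the previous host both count
    as "not done": keep waiting rather than requesting certificates.
    """
    if not observed:
        return False
    return observed == expected


def query_ns(domain: str, resolver: str = "1.1.1.1") -> set[str]:
    """Live lookup (not exercised by the offline check).

    Asks a public resolver directly so a stale cache on the LAN resolver
    cannot mask an incomplete delegation.
    """
    result = subprocess.run(
        ["dig", "+short", "NS", domain, f"@{resolver}"],
        capture_output=True,
        text=True,
        check=True,
    )
    return parse_ns_short(result.stdout)


def main() -> None:
    for label, sample in (("mixed", SAMPLE_MIXED), ("done", SAMPLE_DONE)):
        print(f"{label}: complete={delegation_complete(parse_ns_short(sample))}")
    # Uncomment to check your own zone:
    # print(delegation_complete(query_ns("zemerdon.com")))


if __name__ == "__main__":
    main()
```

Run it once before the certificate step; if it prints False for your zone, wait and re-run rather than retrying the NPM certificate request, which only burns Let's Encrypt rate limit.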
Create Debian 13 VM (Nginx Proxy Manager).
Install docker and portainer here https://zemerdon.com/viewtopic.php?t=368
Install NPM
Code:
mkdir /home/npm
pico /home/npm/docker-compose.yml

docker-compose.yml
Code:
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      TZ: "Australia/Brisbane"
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

Start NPM
Code:
zemerdon@NPM:~/npm$ docker compose up -d

Create Cloudflare DNS token
Cloudflare > Manage Account > Account API Tokens > Create Token
Make sure you have the following permissions for validation...
Review Token > Create Token and record the information (if you accidentally close the tab, Status > 3 dots > Roll to re-create it).
Login to NPM @ serverip:81 > Certificates > Add Certificate > Let's Encrypt via DNS
Make sure to input your Cloudflare token from earlier.
This covers zemerdon.com and any subdomains.
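"Covers zemerdon.com and any subdomains" is worth checking rather than assuming, so here is an added example (not the post's or NPM's code) that applies the standard wildcard rule from RFC 6125 to a certificate's SAN list: `*.zemerdon.com` matches exactly one label, so it covers `npm.zemerdon.com` but neither the apex `zemerdon.com` (which must be its own SAN entry, as the post's setup gives it) nor a two-level name such as `dev.lab.zemerdon.com`. The SAN list and the planned hostnames are constructed; `live_sans` pulls the real SAN list from whatever certificate a proxy host is serving, using only the standard library.

```python
"""Which hostnames does a Let's Encrypt certificate actually cover?

Added example, not from the original post. Implements single-label wildcard
matching (RFC 6125) over a certificate's DNS SAN entries.
"""
from __future__ import annotations

import socket
import ssl

# Constructed SAN list for a cert requested as "zemerdon.com, *.zemerdon.com".
SAMPLE_SANS = ["zemerdon.com", "*.zemerdon.com"]

# Constructed list of names you intend to put behind NPM proxy hosts.
PLANNED_HOSTS = [
    "zemerdon.com",
    "npm.zemerdon.com",
    "someservice.zemerdon.com",
    "dev.lab.zemerdon.com",  # two labels below the apex
]


def hostname_matches(pattern: str, hostname: str) -> bool:
    """True if a SAN entry (exact name or *.suffix) matches hostname.

    A wildcard is only honoured as the whole leftmost label and only when
    the suffix itself has at least one dot (so "*.com" never matches).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[2:]
        if "." not in suffix:
            return False
        head, sep, tail = hostname.partition(".")
        # exactly one label replaced by the '*', and the rest must be identical
        return sep != "" and head != "" and tail == suffix
    return pattern == hostname


def cert_covers(sans: list[str], hostname: str) -> bool:
    """True if any SAN entry matches the hostname."""
    return any(hostname_matches(san, hostname) for san in sans)


def uncovered(sans: list[str], hostnames: list[str]) -> list[str]:
    """Planned names that would produce a browser certificate error."""
    return [h for h in hostnames if not cert_covers(sans, h)]


def live_sans(host: str, port: int = 443) -> list[str]:
    """Fetch the DNS SANs of the certificate served at host:port.

    Not used by the offline check. Uses full verification, so a mismatched
    or self-signed cert raises ssl.SSLCertVerificationError here too.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    print("not covered:", uncovered(SAMPLE_SANS, PLANNED_HOSTS))
    # Uncomment to inspect what a proxy host really serves:
    # print(live_sans("npm.zemerdon.com"))
```

If you plan names like `dev.lab.zemerdon.com`, either request a second certificate in NPM that lists `*.lab.zemerdon.com` or keep everything one label below the apex.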
Create a DNS A-record to point to NPM.
Cloudflare > Domain > DNS > Record. (I use the real IP because I have edge-facing services.)
You could control all your subdomains in pfSense (or similar) through the DNS Resolver, e.g. someservice.zemerdon.com > 30.30.30.5.
Create NPM Proxy Hosts, and don't forget to create an Access Rule for LOCAL ONLY stuff. Here is an example for my webserver...
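The access rule matters because the A record carries a real public IP and the compose file publishes 80 and 443 on the host, so any proxy host without an access list answers to the whole internet. The following added example (mine, not NPM's code or the post's screenshot) models that decision with the standard `ipaddress` module: a constructed inventory of proxy hosts, a hypothetical LAN range built around the post's 30.30.30.5 address, and two checks, one that lists which hosts a given client address would reach and one that flags hosts with no access list at all. 203.0.113.10 is a documentation address standing in for an arbitrary internet client.

```python
"""Which NPM proxy hosts would answer a request from a given client IP?

Added example, not NPM's implementation. Models NPM-style per-host access
lists as CIDR allowlists so misconfigured "local only" hosts stand out.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Hypothetical LAN derived from the post's example address 30.30.30.5.
LAN = ["30.30.30.0/24"]


@dataclass
class ProxyHost:
    name: str
    # Allowed client networks. Empty means no access list: public.
    allow: list[str] = field(default_factory=list)

    def allows(self, client_ip: str) -> bool:
        if not self.allow:
            return True
        ip = ipaddress.ip_address(client_ip)
        # `in` returns False across address families, so an IPv6 client
        # never matches an IPv4 allowlist by accident.
        return any(ip in ipaddress.ip_network(cidr, strict=False) for cidr in self.allow)


# Constructed inventory: one edge-facing site, internal tools behind the LAN
# rule, and one internal tool where the access list was forgotten.
HOSTS = [
    ProxyHost("www.zemerdon.com"),                  # intentionally public
    ProxyHost("npm.zemerdon.com", allow=LAN),        # admin UI, LAN only
    ProxyHost("someservice.zemerdon.com", allow=LAN),
    ProxyHost("portainer.zemerdon.com"),             # missing access rule
]


def reachable_from(hosts: list[ProxyHost], client_ip: str) -> list[str]:
    """Names of hosts that would serve a request from client_ip."""
    return [h.name for h in hosts if h.allows(client_ip)]


def publicly_exposed(hosts: list[ProxyHost]) -> list[str]:
    """Hosts with no access list at all; review each one deliberately."""
    return [h.name for h in hosts if not h.allow]


if __name__ == "__main__":
    print("from internet:", reachable_from(HOSTS, "203.0.113.10"))
    print("from LAN:     ", reachable_from(HOSTS, "30.30.30.20"))
    print("no access list:", publicly_exposed(HOSTS))
```

The allowlist only works because the record is DNS-only ("real IP", as the post does it): if the record were proxied through Cloudflare instead, the source address NPM sees would be a Cloudflare edge IP rather than the client, and an IP-based local-only rule would no longer describe who is connecting.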
Credit: