Use NPMPlus to manage evernode SSL Certs

Post Reply
mike&ike
Posts: 1
Joined: Fri Feb 06, 2026 3:48 am

Use NPMPlus to manage evernode SSL Certs

Post by mike&ike »

# NPMPlus managed SSL Certs for Evernode

## Prep the PVE host
In order to share certs with your vms you need to create a NFS server on the PVE host

#### Step 1 Install NFS server:

Code: Select all

apt update && apt install nfs-kernel-server -y

You also need to have a ZFS pool shared bu the PVE host and VMs
*replace evernnodes-ZFS with the name of your ZFS pool

#### Step 2 Create

Code: Select all

mkdir -p /<evernodes-ZFS>/shared-certs
chmod 777 /<evernodes-ZFS>/shared-certs

Code: Select all

cat <<EOF >> /etc/exports
/<evernodes-ZFS>/shared-certs  10.0.0.0/24(ro,sync,no_subtree_check,no_root_squash)
EOF

Code: Select all

exportfs -ra
systemctl restart nfs-kernel-server
#### Step 3
Create a Mounted drive on the NPMPlus Container

Code: Select all

pct set <CT_ID> -mp1 volume=/<evernodes-ZFS>/shared-certs,mp=/mnt/shared-certs
pct reboot <CT_ID>

## Prepare NPMPlus LXC
Based on installation using PVE Helper Script for NPMPlus
Modify the volumes of the nested NPMPlus container
### Step 1 Check mount status

Code: Select all

ls -laR /mnt/shared-certs

### Step 2 Update Compose.yaml
```bash

Code: Select all

cd /opt
nano compose.yaml
```
#### Add mount mapped to letsencrypt

Code: Select all

volumes:
      - "/opt/npmplus:/data"
      - "/mnt/shared-certs:/data/letsencrypt"
#### Then restart container

Code: Select all

cd /opt
docker compose down && docker compose up -d
#### Ensure NPMPlus started succesfully
Check Logs if it fails

Code: Select all

docker logs npmplus --tail 40
### Step 3 Create a cert and check mount folders again

- Add a proxy host for your first Evernode VM if one does not exist.
- Issue a new SSL Cert

#### Check Mount directories

Code: Select all

ls -laR /mnt/shared-certs
Ouput should resemble this

Code: Select all

npmplus:# ls -laR /mnt/shared-certs
/mnt/shared-certs:
total 16
drwxrwxrwx    8 nobody   nobody           8 Apr 14 14:02 .
drwxr-xr-x    3 root     root          4096 Apr 14 09:55 ..
drwx------    3 root     root             3 Apr 14 13:57 accounts
drwx------    3 root     root             3 Apr 14 13:57 acme-challenge
drwxrwxrwx    3 nobody   nobody           3 Apr 14 14:02 archive
drwxrwxrwx    3 nobody   nobody           4 Apr 14 14:02 live
drwx------    2 root     root             3 Apr 14 14:02 renewal
drwxr-xr-x    5 root     root             5 Apr 14 13:57 renewal-hooks
Note: the live folder will contain the directories for your certs
each cert is identified as npm-<certID>

## Prep the Evernode VM

### Step 1 Install NFS CLient

Code: Select all

sudo apt update && sudo apt install nfs-common -y
### Step 2 Mount the share drive
`

Code: Select all

sudo mkdir -p /mnt/certs
sudo mount -t nfs -o ro,vers=4,soft,timeo=10 <PVE_HOST_IP>:/<evernodes-ZFS>/shared-certs /mnt/certs
### Step 3 persist the mount indefinitely

Code: Select all

echo "<PVE_HOST_IP>:/<evernodes-ZFS>/shared-certs   /mnt/certs   nfs   ro,vers=4,soft,timeo=10,retrans=3  0  0" | sudo tee -a /etc/fstab
Test the mount

Code: Select all

sudo mount -a
## Install Evernode

### Proceed as normal
Ubuntu 24.04

Code: Select all

curl -fsSL https://raw.githubusercontent.com/EvernodeXRPL/evernode-24-resources/main/sashimono/installer/evernode.sh | sudo bash -s install
**Eneter your email, and domain, but enter N when asked to install LetsEncrypt**

You will be prompted for the path to the cert
Private key: /mnt/certs/live/npm-<certID>/privkey.pem
Certificate: /mnt/certs/live/npm-<certID>/cert.pem
CA bundle: /mnt/certs/live/npm-<certID>/chain.pem

If Evernode is already installed you can use the applyssl command

Code: Select all

sudo evernode applyssl \
  /mnt/certs/live/npm-<certID>//privkey.pem \
  /mnt/certs/live/npm-<certID>//chain.pem \
  /mnt/certs/live/npm-<certID>//fullchain.pem
Installation should proceed
Top
Post Reply

Return to “EverPanel”