Use NPMPlus to manage evernode SSL Certs
Posted: Tue Apr 14, 2026 8:08 pm
# NPMPlus managed SSL Certs for Evernode
## Prep the PVE host
In order to share certs with your vms you need to create a NFS server on the PVE host
#### Step 1 Install NFS server:
You also need to have a ZFS pool shared bu the PVE host and VMs
*replace evernnodes-ZFS with the name of your ZFS pool
#### Step 2 Create
#### Step 3
Create a Mounted drive on the NPMPlus Container
## Prepare NPMPlus LXC
Based on installation using PVE Helper Script for NPMPlus
Modify the volumes of the nested NPMPlus container
### Step 1 Check mount status
### Step 2 Update Compose.yaml
```bash
```
#### Add mount mapped to letsencrypt
#### Then restart container
#### Ensure NPMPlus started succesfully
Check Logs if it fails
### Step 3 Create a cert and check mount folders again
- Add a proxy host for your first Evernode VM if one does not exist.
- Issue a new SSL Cert
#### Check Mount directories
Ouput should resemble this
Note: the live folder will contain the directories for your certs
each cert is identified as npm-<certID>
## Prep the Evernode VM
### Step 1 Install NFS CLient
### Step 2 Mount the share drive
`
### Step 3 persist the mount indefinitely
Test the mount
## Install Evernode
### Proceed as normal
Ubuntu 24.04
**Eneter your email, and domain, but enter N when asked to install LetsEncrypt**
You will be prompted for the path to the cert
Private key: /mnt/certs/live/npm-<certID>/privkey.pem
Certificate: /mnt/certs/live/npm-<certID>/cert.pem
CA bundle: /mnt/certs/live/npm-<certID>/chain.pem
If Evernode is already installed you can use the applyssl command
Installation should proceed
## Prep the PVE host
In order to share certs with your vms you need to create a NFS server on the PVE host
#### Step 1 Install NFS server:
Code: Select all
apt update && apt install nfs-kernel-server -y
You also need to have a ZFS pool shared bu the PVE host and VMs
*replace evernnodes-ZFS with the name of your ZFS pool
#### Step 2 Create
Code: Select all
mkdir -p /<evernodes-ZFS>/shared-certs
chmod 777 /<evernodes-ZFS>/shared-certsCode: Select all
cat <<EOF >> /etc/exports
/<evernodes-ZFS>/shared-certs 10.0.0.0/24(ro,sync,no_subtree_check,no_root_squash)
EOFCode: Select all
exportfs -ra
systemctl restart nfs-kernel-serverCreate a Mounted drive on the NPMPlus Container
Code: Select all
pct set <CT_ID> -mp1 volume=/<evernodes-ZFS>/shared-certs,mp=/mnt/shared-certs
pct reboot <CT_ID>## Prepare NPMPlus LXC
Based on installation using PVE Helper Script for NPMPlus
Modify the volumes of the nested NPMPlus container
### Step 1 Check mount status
Code: Select all
ls -laR /mnt/shared-certs### Step 2 Update Compose.yaml
```bash
Code: Select all
cd /opt
nano compose.yaml#### Add mount mapped to letsencrypt
Code: Select all
volumes:
- "/opt/npmplus:/data"
- "/mnt/shared-certs:/data/letsencrypt"Code: Select all
cd /opt
docker compose down && docker compose up -dCheck Logs if it fails
Code: Select all
docker logs npmplus --tail 40- Add a proxy host for your first Evernode VM if one does not exist.
- Issue a new SSL Cert
#### Check Mount directories
Code: Select all
ls -laR /mnt/shared-certsCode: Select all
npmplus:# ls -laR /mnt/shared-certs
/mnt/shared-certs:
total 16
drwxrwxrwx 8 nobody nobody 8 Apr 14 14:02 .
drwxr-xr-x 3 root root 4096 Apr 14 09:55 ..
drwx------ 3 root root 3 Apr 14 13:57 accounts
drwx------ 3 root root 3 Apr 14 13:57 acme-challenge
drwxrwxrwx 3 nobody nobody 3 Apr 14 14:02 archive
drwxrwxrwx 3 nobody nobody 4 Apr 14 14:02 live
drwx------ 2 root root 3 Apr 14 14:02 renewal
drwxr-xr-x 5 root root 5 Apr 14 13:57 renewal-hookseach cert is identified as npm-<certID>
## Prep the Evernode VM
### Step 1 Install NFS CLient
Code: Select all
sudo apt update && sudo apt install nfs-common -y`
Code: Select all
sudo mkdir -p /mnt/certs
sudo mount -t nfs -o ro,vers=4,soft,timeo=10 <PVE_HOST_IP>:/<evernodes-ZFS>/shared-certs /mnt/certsCode: Select all
echo "<PVE_HOST_IP>:/<evernodes-ZFS>/shared-certs /mnt/certs nfs ro,vers=4,soft,timeo=10,retrans=3 0 0" | sudo tee -a /etc/fstabCode: Select all
sudo mount -a### Proceed as normal
Ubuntu 24.04
Code: Select all
curl -fsSL https://raw.githubusercontent.com/EvernodeXRPL/evernode-24-resources/main/sashimono/installer/evernode.sh | sudo bash -s installYou will be prompted for the path to the cert
Private key: /mnt/certs/live/npm-<certID>/privkey.pem
Certificate: /mnt/certs/live/npm-<certID>/cert.pem
CA bundle: /mnt/certs/live/npm-<certID>/chain.pem
If Evernode is already installed you can use the applyssl command
Code: Select all
sudo evernode applyssl \
/mnt/certs/live/npm-<certID>//privkey.pem \
/mnt/certs/live/npm-<certID>//chain.pem \
/mnt/certs/live/npm-<certID>//fullchain.pem