Creating SSL Certificates
Set up Let's Encrypt certificates for the panel and daemon nodes.
Panel certificate
Section titled “Panel certificate”Install Certbot and obtain a certificate:
sudo apt install -y certbotsudo certbot certonly --standalone -d panel.example.comIf Nginx is already running on port 80, stop it first or use the Nginx plugin:
sudo apt install -y python3-certbot-nginxsudo certbot --nginx -d panel.example.comAfter obtaining the certificate, update your Nginx config to reference:
/etc/letsencrypt/live/panel.example.com/fullchain.pem/etc/letsencrypt/live/panel.example.com/privkey.pemAnd set in .env:
APP_URL=https://panel.example.comASSET_URL=https://panel.example.comNode certificate for skyportd
Section titled “Node certificate for skyportd”If SSL is enabled for a node in the panel, skyportd needs certificate files.
On the node machine:
sudo apt install -y certbotsudo certbot certonly --standalone -d node.example.comThe daemon automatically checks these default paths:
/etc/letsencrypt/live/node.example.com/fullchain.pem/etc/letsencrypt/live/node.example.com/privkey.pemIf the files exist, skyportd uses them automatically. If not, it will prompt for custom paths during startup.
Renewal
Section titled “Renewal”Certbot sets up automatic renewal by default. Verify with:
sudo certbot renew --dry-runMake sure your renewal process can bind to port 80 (standalone) or that Nginx is configured for the challenge.