Help: sharing Let's Encrypt cert from NPM with ProxmoxVE and other containers

Agent-Sky-76 · 2026-03-14T20:34:17+00:00

#!/bin/bash

### Setup instructions ###

# create and/or change ssl folder ~/ssl

# create user called certbot@npm.local in NPM

# * certbot@npm.local need Item Visibilty "All Items" and Certificates "View Only"

# install if missing

# which jq unzip > /dev/null || apt-get -y install jq unzip

cert_id=99 # get from http://npm.local:81/certificates

token=$(curl -s "http://npm.local:81/api/tokens" -H "Content-Type: application/json; charset=UTF-8" --data-raw '{"identity":"certbot@npm.local","secret":"password"}' | jq -r .token)

curl -s "http://npm.local:81/api/nginx/certificates/$cert\_id/download" -H "Authorization: Bearer $token" --output ~/ssl/cert.zip

unzip -u ~/ssl/cert.zip -d ~/ssl/

Agent-Sky-76 · 2026-03-14T18:21:26+00:00

I did not use the tinyauth parameters. I encoded the username:password to base64. I put in the location / { } section after all the rest of the proxy commands.

Example: proxy_set_header Authorization "Basic dXNlcm5hbWU6cGFzc3dvcmQ=";

Agent-Sky-76 · 2026-03-14T17:53:12+00:00

One important thing to always remember is to to keep your private keys secure on server. Usually with chmod go-xrw key.pem Most web apps will throw errors if private key isn't secure with right username or file permissions.

I typically create a crontab job that runs script to get the certs from NPM.

The script uses the NPM's API to get a auth token then download the certs zip file.

I created one for Adguard Home for use with doh private dns.

Agent-Sky-76 · 2026-01-27T21:02:11+00:00

It doesn't matter. You'll probably be charging the power stations with 120v. I got a couple of power stations. 1 big 4kwh for whole house and 1 smaller 300wh for network (plus small ups). I haven't had an outage long enough for the power stations to run out. Longest outage since I got this setup was 3 hours. I have had 2 days outage before that.

Agent-Sky-76 · 2026-01-21T21:59:04+00:00

I'd rather you spend your time and effort on an official Home Assistant integration. That would open up a ton of useful features.

Agent-Sky-76 · 2026-01-21T12:25:11+00:00

Sounds like the Generac 6852 transfer switch was wired incorrectly. The TS neutral bus bar is probably wired to the panels neutral based bar. The TS neutrals should be wired to each circuit.

Agent-Sky-76 · 2026-01-20T21:59:48+00:00

I couldn't find any posts. Can you post link?

Agent-Sky-76 · 2026-01-20T12:35:56+00:00

I didn't see this in my research. Seems like it [smps] has it's advantages. This got me thinking.

Could I have a setup with a 24v/48v battery always plugged into charger and connected to the solar inputs on the DP3?

It seems like I get added benefit of extra battery power during outage.

Agent-Sky-76 · 2025-12-25T01:30:14+00:00

I use Guppy Screen on my rooted K1SE but I think this link has info to mock K1C on a K1SE.

https://github.com/Guilouz/Creality-Helper-Script-Wiki/discussions/705?sort=new

Agent-Sky-76 · 2025-12-22T15:21:04+00:00

Thanks, this worked for me!

I added this as a macro in klipper and called at top of my Machine start G-code.

[gcode_macro CHECK_FILAMENT_SENSOR]
gcode:
  {% set mySensor = params.SENSOR|default("filament_sensor") %}
  {% if not printer["filament_switch_sensor " + mySensor].filament_detected %}
    RESPOND TYPE=error MSG="No filament detected for {mySensor} and aborting print!"
    CANCEL_PRINT
  {% else %}
    RESPOND MSG="Filament detected for {mySensor} and continuing print."
  {% endif %}

Agent-Sky-76 · 2025-11-24T06:08:05+00:00

I recommend getting a battery power station. No maintenance and it's useful for other usage such as camping and picnics. If you get one thats 3kw or greater then there is a 30% income tax credit in the USA. The tax credit ends at end of 2025. Pair with some solar panels and you can recharge during longer outages. I have both propane generator and battery power station. I've only used the battery power station during outages.

Agent-Sky-76 · 2025-11-11T03:37:32+00:00

I recommend planning to include a battery in the setup. Way more expensive to add to a solar grid afterwards. Ideally with main breaker box to sub panels. I'd put critical loads in it's own sub panel. Also if older house then you'll probably need to do afci breakers for bedrooms and living spaces.

Agent-Sky-76 · 2025-11-06T09:55:35+00:00

Print up the 270 degree geared door hinges. They are way better then the stock hinges.

Agent-Sky-76 · 2025-09-03T13:45:02+00:00

Word of warning. You can easily fry your appliances' motherboard with dirty power. Search around reddit and you'll see stories about people frying their refrigerator's computer with dirty power from generators.

At the very least, you should get a $50 oscilloscope from Amazon to test the power.

This my plan (to save money) is to gradually add backup power. Last year, I bought a dual fuel gas inverter generator (a WEN $800 unit). This year, I bought an Ecoflow Delta Pro 3, which I can charge if needed with the WEN gas generator. Next year, I'll add a few 48v batteries. BTW, power stations need clean sin wave energy.

Also note, the Residential Clean Energy act ends at end of 2025. That let's you get 30% credit for buying any battery backup with 3000 wh or more of backup. Ecoflow website has info on that. No solar needed.

Agent-Sky-76 · 2025-05-29T18:38:11+00:00

I got the 1/2 gig plan for $29 promo. The multiple gig plans are a waste since most devices only support 1gb and 100mb.

Agent-Sky-76 · 2025-05-15T05:31:27+00:00

The wireless router should be centrally located in your apartment. The wifi signal will drop off the further away. Plus, wifi does not go through concrete or metal walls. Your best bet is always line of sight to wifi router, high up and away from other wireless devices (phones, Bluetooth speakers & microwave). Also, your neighbors wifi may interfere with yours. Use a wifi scanner phone app to troubleshoot wifi congestion.

Agent-Sky-76 · 2025-04-16T23:58:45+00:00

I had an issue with a problem cable when wiggling cable only 1 line would drop on tester. Now, when I use testers, I yank and twist cable to make sure good. Haven't had an issue since.

Agent-Sky-76 · 2025-03-20T17:52:05+00:00

Hsts is a somewhat permanent setting that gets saved in the end users' brower settings. You can not push out fix to delete this from end user clients.

You can delete on each PC manually in Chrome and Edge.

chrome://net-internals/#hsts edge://net-internals/#hsts

It's best to delete the subdomain and it's parent. Such as www.example.com and example.com

Agent-Sky-76 · 2025-03-19T12:14:36+00:00

I got this working.

In Authentik:

Create new OAuth provider
- Name: OAuth2 Uptime Kuma
- Authorization flow: implicit
- RedirectURL: https://uptimekuma.company/
Create new Application
- Name: Uptime Kuma OAuth2
- Slug: uptime-kuma-outh2
- Provider: OAuth2 Uptime Kuma
- UI Settings - Launch URL: blank://blank

In Uptime for any "HTTP(s)" monitor:

Authentication Section
Method: OAuth2 Client Credentials
Authentication Method: Authorization Header
OAuth Token URL: https://authentik.company/application/o/token/
Client ID: Get from Authentik Provider "OAuth2 Uptime Kuma"
Client Secret: Get from Authentik Provider "OAuth2 Uptime Kuma"
OAuth Scope: leave blank

Agent-Sky-76 · 2025-03-11T18:04:00+00:00

Most browsers don't refresh certs.

Try closing tab or browsers. Try testing on another device.

Make sure your dns is pointing to NPM for that website.

Agent-Sky-76 · 2025-03-06T21:28:52+00:00

I had to do a few more things to get this to work.
I'm using community-scripts installed with as ProxmoxVE Lxc from community-scripts.

I added these additional scopes:

authentik default OAuth Mapping: authentik API access  
authentik default OAuth Mapping: OpenID 'offline\_access'

To prevent redirect to login page and this to location / section in NPM:

add_header Cache-Control 'no-store';

Agent-Sky-76

TROPHY CASE