Skip to main content

SSL & HTTPS

Automated certificate management via Cloudflare DNS-01 challenge.

Documentation
Overview CLI Reference Configuration Managing Accounts SSL & HTTPS Backups WireGuard VPN Changelog
Resources
Install Guide Features GitHub →

SSL Certificate Management

iNetPanel uses DNS-01 challenge for Let's Encrypt certificates via the Cloudflare API. This means certificates are issued even when your server has no public HTTP access — perfect for the Zero Trust Tunnel setup.

How certificate issuance works

  1. When a domain is added, iNetPanel calls Certbot with the Cloudflare DNS plugin
  2. Certbot adds a _acme-challenge TXT record to your Cloudflare DNS zone via the API
  3. Let's Encrypt verifies the TXT record and issues the certificate
  4. The TXT record is automatically cleaned up after issuance
  5. Certificates are stored in /etc/letsencrypt/live/<domain>/

Self-signed fallback

If the Cloudflare API token isn't configured, or if Let's Encrypt rate limits are hit, iNetPanel falls back to a self-signed certificate. The domain will work over HTTPS but browsers will show a security warning.

Auto-renewal

Certbot runs automatically every day at 4 AM via cron and renews any certificate expiring within 30 days. No manual intervention needed.

Managing certificates from the admin panel

Go to Admin → SSL Certificates to view:

  • All issued certificates with expiry dates
  • Certificate status (valid, expiring soon, expired)
  • Actions: issue new, revoke, force renew

CLI commands

# Issue a new certificate
inetp ssl_manage issue yourdomain.com

# Force renew a specific domain
inetp ssl_manage renew yourdomain.com

# Check all certificate statuses
inetp ssl_manage status