From b03e4b448f8d420959edb43f1ee6f30f138976c6 Mon Sep 17 00:00:00 2001 From: ktechmidas <9920871+ktechmidas@users.noreply.github.com> Date: Tue, 24 Feb 2026 17:06:10 +0300 Subject: [PATCH] docs: add Let's Encrypt as recommended SSL provider for evonodes Let's Encrypt is now the first and recommended SSL certificate option for evonode setup since it's free, requires no account registration, and dashmate handles renewal automatically. Co-Authored-By: Claude Opus 4.6 --- docs/user/masternodes/setup-evonode.rst | 39 ++++++++++++++++++------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/docs/user/masternodes/setup-evonode.rst b/docs/user/masternodes/setup-evonode.rst index 561a2902d..507e19564 100644 --- a/docs/user/masternodes/setup-evonode.rst +++ b/docs/user/masternodes/setup-evonode.rst @@ -597,22 +597,38 @@ Prerequisites - 9999/tcp - 443/tcp - 26656/tcp - - 80/tcp (if you are going to use ZeroSSL) + - 80/tcp (required for Let's Encrypt or ZeroSSL certificate validation) - Backup of any existing Dash Core and dashmate configuration data, including private keys -- `ZeroSSL API access key `_ or SSL certificate for the public - IPv4 address (not DNS name) +- An email address for Let's Encrypt certificate registration, or a `ZeroSSL API access key + `_, or an SSL certificate for the public IPv4 address (not DNS + name) .. _evonode-ssl-cert: SSL certificates ---------------- -There are two ways to get SSL certificates: +An SSL certificate is required for your evonode to communicate securely with the Dash Platform +network. There are three ways to get SSL certificates: -1. Register for the ZeroSSL service and set your API key. Since ZeroSSL provides an API, dashmate - can update your certificates automatically. The free plan only provides 3 free certificates (or 3 - renewals of 1 certificate). Other plans require paying with a credit card. You can get an API key - for dashmate by completing the following steps: +1. **Let's Encrypt (recommended)**. Let's Encrypt is a free, automated certificate authority that + provides SSL certificates at no cost and with no account registration required. Dashmate has + built-in support for obtaining and automatically renewing Let's Encrypt certificates. All you need + is an email address for certificate expiry notifications. + + During ``dashmate setup``, select **Let's Encrypt** as the SSL provider and enter your email + address when prompted. Dashmate will handle the rest, including automatic renewal before + certificates expire. + + .. note:: + + Let's Encrypt requires port 80/tcp to be open for the ACME HTTP-01 challenge used to validate + your server's IP address during certificate issuance and renewal. + +2. **ZeroSSL**. ZeroSSL provides an API that allows dashmate to obtain and update your certificates + automatically. The free plan provides 3 free certificates (or 3 renewals of 1 certificate). Other + plans require paying with a credit card. You can get an API key for dashmate by completing the + following steps: - Register on `https://zerossl.com/ `_. *We recommend not using your personal email address.* @@ -624,14 +640,15 @@ There are two ways to get SSL certificates: ZeroSSL Developer tab showing the API key -2. Obtain SSL certificates for your IP address using any available provider and upload the - certificate files to your server. `SSL Dragon `_ and `SuperbitHost +3. **Manual certificate upload**. Obtain SSL certificates for your IP address using any available + provider and upload the certificate files to your server. `SSL Dragon + `_ and `SuperbitHost `_ are two options that accept cryptocurrency. Please make sure that the certificate chain file contains your server certificate at the top and intermediate/root certificates if present. If a bundle file is present, you need to concatenate it with the certificate file:: - + cat certificate.crt bundle.crt > bundle.crt Verify the validity of the private key and certificate chain by running these commands::