SSL Certificates

BadgerPanel requires HTTPS to operate securely. SSL certificates are set up automatically during installation, but you may need to manage them over time.

---

Automatic Setup During Installation

When you install BadgerPanel, the installer automatically:

1. Requests a free SSL certificate from Let's Encrypt for your panel domain
2. Configures the web server to use the certificate
3. Sets up a cron job for automatic renewal

No manual SSL configuration is needed for a standard installation.

---

Automatic Renewal

Let's Encrypt certificates are valid for 90 days. A cron job runs periodically to check and renew certificates before they expire. This happens in the background with no downtime.

You can verify the renewal cron is active:

sudo crontab -l

You should see an entry that runs certbot renew.

---

Manual Renewal

If you need to manually renew your certificate (for example, after fixing a DNS issue), run:

sudo certbot renew

After renewing, restart the panel web server to pick up the new certificate:

cd ~/badgerpanel
docker compose restart nginx

To check when your current certificate expires:

sudo certbot certificates

---

Using Custom SSL Certificates

If you prefer to use your own SSL certificate instead of Let's Encrypt (for example, a wildcard or organization-validated certificate), you can replace the certificate files.

1. Place your certificate and key files in the SSL directory:

~/badgerpanel/docker/nginx/ssl/

2. The expected file names are:

   • fullchain.pem - Your certificate chain (certificate + intermediate certificates)
   • privkey.pem - Your private key

3. Restart the web server:

cd ~/badgerpanel
docker compose restart nginx

Make sure your certificate covers the domain configured in your .env file's APP_URL setting.

---

Troubleshooting SSL Issues

Certificate Request Fails During Installation

Issue	Solution
DNS not pointing to server	Verify your domain's A record points to your server's public IP: dig panel.example.com
Port 80 blocked	Let's Encrypt requires port 80 for HTTP challenges. Ensure it is open in your firewall and not used by another service.
Rate limit reached	Let's Encrypt limits certificate requests per domain. Wait one hour and try again.

Browser Shows Certificate Warning

• The certificate may have expired. Check with sudo certbot certificates and renew if needed.
• The domain in the browser may not match the certificate. Ensure you are accessing the panel using the exact domain the certificate was issued for.
• If using a custom certificate, verify the full chain is included in fullchain.pem (not just the leaf certificate).

Mixed Content Warnings

If the browser shows mixed content warnings, ensure APP_URL in your .env file starts with https:// and restart the panel services.