Creating SSL Certificate in Nginx Proxy Manager
If you self-hosted and/or have a homelab, you’ll need to expose some services to the Internet. This guide provides step-by-step instructions for creating SSL certificates for your services in Nginx Proxy Manager (NPM). We’ll use Let’s Encrypt as the certificate authority and Cloudflare’s DNS validation method.
Prerequisites
- Nginx Proxy Manager installed and running
- A domain managed through Cloudflare
- Access to your Cloudflare admin dashboard
- DNS records properly set up in Cloudflare
Getting the Cloudflare API Token
First, create an API token that NPM will use to validate your domain ownership. From your Cloudflare dashboard:
- Navigate to API Tokens in the menu
- Click Create Token
- Select Custom Token
- Configure these settings:
- Name: “MyHomeLab-ApiToken” (or any descriptive name)
- Permissions: Zone → DNS → Edit
- Zone Resources: Your specific domain(s)
- Create and copy your token
Setting Up the Certificate in NPM
Now let’s create the SSL certificate in Nginx Proxy Manager:
- Go to your NPM dashboard
- Navigate to SSL Certificates
- Click Add SSL Certificate
- Configure the certificate:
Domain Settings
- Primary domain:
example.com - Wildcard domain:
*.example.com
DNS Challenge Configuration
- Check “Use a DNS Challenge”
- DNS Provider: Cloudflare
- API Token: Paste your Cloudflare token
- Propagation Time: 120 seconds
Click Save and NPM will:
- Verify your domain through Cloudflare
- Generate the SSL certificate
- Set up automatic renewal
Security Tips
A few important security notes:
- Limit the API token to only the domains you need
- Keep your API token secure
- Check certificate renewal status periodically
- Review NPM logs for any certificate issues