SSL Certificate


  • This operation will interrupt Helmut's normal operation. Please plan a downtime window and ensure an up-to-date backup is done before changing any configuration.
  • Please ensure the SSL certificate is signed and valid
  • The .key must be RSA, we do not support elliptic-curve for now
  • The .key file should not be password protected
  • You need to use X509CO cert format
Traefik version 4.0.2.x: 1.) Copy the certificate (.crt) and the (.key) files from your computer to the Helmut server /root/certs folder. Make sure the files are named server.crt and server.key respectively 2.) Access Portainer by going to http://helmut_server_address:9000 3.) Go to Stacks
4.) Edit the Helmut4 stack file
5.) Check the SSL configuration on the Traefik service:
Make sure the following configuration
command: --configFile=/etc/traefik-ssl/traefik.toml
is available in your stack file version. If you have this line, and it starts with a #, delete this character to uncomment the line. If you don't have this line, please add it below the image: line The same with the volumes mount for the certificate which needs to be uncomment by deleting the #
- /root/certs:/certs
6.) Update the stack file
7.) Access Helmut webpage using https: and check if the certificate is loaded

Convert pem certificate in crt / key

If the certificate is a pem one (it doesn't matter if it is a single one or a split one: cert + key) the easiest way to convert pem into a .crt & .key file is to open those in an editor and copy/paste the content in the appropriate server.* file. Attention: please check that there is no empty line at the end of both files as this can lead to problems as we suggest to remove also comments This is an example of a pem containing key & certificate
If there are several certificates fo a CA-chain those need to be copied one after another which will look like this: