# SSL Certificate

### Notes

* This operation will interrupt Helmut's normal operation. Please plan a downtime window and ensure an up-to-date backup is done before changing any configuration.
* Please ensure the SSL certificate is signed and valid
* The .key must be RSA, we do not support elliptic-curve for now
* The .key file should not be password protected
* You need to use X509CO cert format

\
Traefik version 4.0.2.x:\
1.) Copy the certificate (*.crt*) and the (*.key*) files from your computer to the Helmut server */root/certs* folder. Make sure the files are named *server.crt* and *server.key* respectively\
2.) Access Portainer by going to [http://helmut\_server\_address:9000](http://helmut_server_address:9000/)\
3.) Go to Stacks

<figure><img src="/files/v6SDCyl8rm83ZdPeU06z" alt=""><figcaption></figcaption></figure>

4.) Edit the Helmut4 stack file

<figure><img src="/files/Aeb12JMLUL1PddegBVkk" alt=""><figcaption></figcaption></figure>

5.) Check the SSL configuration on the Traefik service:

<figure><img src="/files/CePFOCIhdasRexQGSK9E" alt=""><figcaption></figcaption></figure>

Make sure the following configuration&#x20;

```
command: --configFile=/etc/traefik-ssl/traefik.toml
```

is available in your stack file version.\
\
If you **have** this line, and it starts with a #, delete this character to uncomment the line.\
If you **don't** have this line, please add it below the *image:* line\
\
The same with the volumes mount for the certificate which needs to be uncomment by deleting the #

```
- /root/certs:/certs
```

<figure><img src="/files/l1bcyKhgBGTsnaMl1XHT" alt=""><figcaption></figcaption></figure>

6.) Update the stack file

<figure><img src="/files/MsZTnS6jmlZkeHdY6K8l" alt=""><figcaption></figcaption></figure>

7.) Access Helmut webpage using *https:* and check if the certificate is loaded<br>

### Convert pem certificate in crt / key

If the certificate is a pem one (it doesn't matter if it is a single one or a split one: cert + key) the easiest way to convert pem into a .crt & .key file is to open those in an editor and copy/paste the content in the appropriate server.\* file.\
Attention: please check that there is no empty line at the end of both files as this can lead to problems as we suggest to remove also comments\
\
This is an example of a pem containing key & certificate

<figure><img src="/files/tMCqccuObN9XHtSkyh6Q" alt=""><figcaption></figcaption></figure>

If there are several certificates fo a CA-chain those need to be copied one after another which will look like this:

<figure><img src="/files/9LK1a6Gj9h0jxOSbzCGF" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.helmut.de/helmut4-releases/v4.7.0/getting-started/misc/ssl-certificate.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.