diff --git a/nginx-proxy-manager/letsencrypt/renewal/npm-11.conf b/nginx-proxy-manager/letsencrypt/renewal/npm-11.conf
index 41327cb..8df4e49 100644
--- a/nginx-proxy-manager/letsencrypt/renewal/npm-11.conf
+++ b/nginx-proxy-manager/letsencrypt/renewal/npm-11.conf
@@ -1,4 +1,4 @@
-version = 4.1.1
+version = 5.1.0
 archive_dir = /etc/letsencrypt/archive/npm-11
 cert = /etc/letsencrypt/live/npm-11/cert.pem
 privkey = /etc/letsencrypt/live/npm-11/privkey.pem
@@ -11,10 +11,10 @@ account = 020f85d8def96a90143fbf56a6214037
 key_type = ecdsa
 elliptic_curve = secp384r1
 preferred_chain = ISRG Root X1
-pref_challs = dns-01, http-01
+pref_challs = http-01,
 config_dir = /etc/letsencrypt
 work_dir = /tmp/letsencrypt-lib
-logs_dir = /tmp/letsencrypt-log
+logs_dir = /data/logs
 authenticator = webroot
 webroot_path = /data/letsencrypt-acme-challenge,
 server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/nginx-proxy-manager/letsencrypt/renewal/npm-12.conf b/nginx-proxy-manager/letsencrypt/renewal/npm-12.conf
index 7a1708b..052b191 100644
--- a/nginx-proxy-manager/letsencrypt/renewal/npm-12.conf
+++ b/nginx-proxy-manager/letsencrypt/renewal/npm-12.conf
@@ -1,4 +1,4 @@
-version = 4.1.1
+version = 5.1.0
 archive_dir = /etc/letsencrypt/archive/npm-12
 cert = /etc/letsencrypt/live/npm-12/cert.pem
 privkey = /etc/letsencrypt/live/npm-12/privkey.pem
@@ -11,10 +11,10 @@ account = 020f85d8def96a90143fbf56a6214037
 key_type = ecdsa
 elliptic_curve = secp384r1
 preferred_chain = ISRG Root X1
-pref_challs = dns-01, http-01
+pref_challs = http-01,
 config_dir = /etc/letsencrypt
 work_dir = /tmp/letsencrypt-lib
-logs_dir = /tmp/letsencrypt-log
+logs_dir = /data/logs
 authenticator = webroot
 webroot_path = /data/letsencrypt-acme-challenge,
 server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/nginx-proxy-manager/letsencrypt/renewal/npm-13.conf b/nginx-proxy-manager/letsencrypt/renewal/npm-13.conf
index 826e9df..7f5920d 100644
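Review bot: The `privkey = /etc/letsencrypt/live/npm-11/privkey.pem` context line suggests this tracked `nginx-proxy-manager/letsencrypt/` tree mirrors the certbot volume, in which case the private keys under `live/` and `archive/` and the ACME account key under `accounts/` sit next to these files on disk. Nothing in this diff shows whether those directories are excluded from version control, so it is worth confirming an ignore rule covers them before more of the volume is committed. The same applies to the npm-12 through npm-17 sections. The changed values themselves (`version`, `pref_challs = http-01,`, `logs_dir = /data/logs`) look like tool-written output rather than hand edits, so I propose no change to those lines.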
--- a/nginx-proxy-manager/letsencrypt/renewal/npm-13.conf
+++ b/nginx-proxy-manager/letsencrypt/renewal/npm-13.conf
@@ -1,4 +1,4 @@
-version = 4.1.1
+version = 5.1.0
 archive_dir = /etc/letsencrypt/archive/npm-13
 cert = /etc/letsencrypt/live/npm-13/cert.pem
 privkey = /etc/letsencrypt/live/npm-13/privkey.pem
@@ -11,10 +11,10 @@ account = 020f85d8def96a90143fbf56a6214037
 key_type = ecdsa
 elliptic_curve = secp384r1
 preferred_chain = ISRG Root X1
-pref_challs = dns-01, http-01
+pref_challs = http-01,
 config_dir = /etc/letsencrypt
 work_dir = /tmp/letsencrypt-lib
-logs_dir = /tmp/letsencrypt-log
+logs_dir = /data/logs
 authenticator = webroot
 webroot_path = /data/letsencrypt-acme-challenge,
 server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/nginx-proxy-manager/letsencrypt/renewal/npm-14.conf b/nginx-proxy-manager/letsencrypt/renewal/npm-14.conf
index 87aef10..5dd138c 100644
--- a/nginx-proxy-manager/letsencrypt/renewal/npm-14.conf
+++ b/nginx-proxy-manager/letsencrypt/renewal/npm-14.conf
@@ -1,4 +1,4 @@
-version = 4.1.1
+version = 5.1.0
 archive_dir = /etc/letsencrypt/archive/npm-14
 cert = /etc/letsencrypt/live/npm-14/cert.pem
 privkey = /etc/letsencrypt/live/npm-14/privkey.pem
@@ -11,10 +11,10 @@ account = 020f85d8def96a90143fbf56a6214037
 key_type = ecdsa
 elliptic_curve = secp384r1
 preferred_chain = ISRG Root X1
-pref_challs = dns-01, http-01
+pref_challs = http-01,
 config_dir = /etc/letsencrypt
 work_dir = /tmp/letsencrypt-lib
-logs_dir = /tmp/letsencrypt-log
+logs_dir = /data/logs
 authenticator = webroot
 webroot_path = /data/letsencrypt-acme-challenge,
 server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/nginx-proxy-manager/letsencrypt/renewal/npm-15.conf b/nginx-proxy-manager/letsencrypt/renewal/npm-15.conf
index d1072e5..6160c26 100644
--- a/nginx-proxy-manager/letsencrypt/renewal/npm-15.conf
+++ b/nginx-proxy-manager/letsencrypt/renewal/npm-15.conf
@@ -1,4 +1,4 @@
-version = 4.1.1
+version = 5.1.0
 archive_dir = /etc/letsencrypt/archive/npm-15
 cert = /etc/letsencrypt/live/npm-15/cert.pem
 privkey = /etc/letsencrypt/live/npm-15/privkey.pem
@@ -11,10 +11,10 @@ account = 020f85d8def96a90143fbf56a6214037
 key_type = ecdsa
 elliptic_curve = secp384r1
 preferred_chain = ISRG Root X1
-pref_challs = dns-01, http-01
+pref_challs = http-01,
 config_dir = /etc/letsencrypt
 work_dir = /tmp/letsencrypt-lib
-logs_dir = /tmp/letsencrypt-log
+logs_dir = /data/logs
 authenticator = webroot
 webroot_path = /data/letsencrypt-acme-challenge,
 server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/nginx-proxy-manager/letsencrypt/renewal/npm-16.conf b/nginx-proxy-manager/letsencrypt/renewal/npm-16.conf
index 0884fd4..53b2546 100644
--- a/nginx-proxy-manager/letsencrypt/renewal/npm-16.conf
+++ b/nginx-proxy-manager/letsencrypt/renewal/npm-16.conf
@@ -1,4 +1,4 @@
-version = 4.1.1
+version = 5.1.0
 archive_dir = /etc/letsencrypt/archive/npm-16
 cert = /etc/letsencrypt/live/npm-16/cert.pem
 privkey = /etc/letsencrypt/live/npm-16/privkey.pem
@@ -11,10 +11,10 @@ account = 020f85d8def96a90143fbf56a6214037
 key_type = ecdsa
 elliptic_curve = secp384r1
 preferred_chain = ISRG Root X1
-pref_challs = dns-01, http-01
+pref_challs = http-01,
 config_dir = /etc/letsencrypt
 work_dir = /tmp/letsencrypt-lib
-logs_dir = /tmp/letsencrypt-log
+logs_dir = /data/logs
 authenticator = webroot
 webroot_path = /data/letsencrypt-acme-challenge,
 server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/nginx-proxy-manager/letsencrypt/renewal/npm-17.conf b/nginx-proxy-manager/letsencrypt/renewal/npm-17.conf
index 8e6b115..c9f033e 100644
--- a/nginx-proxy-manager/letsencrypt/renewal/npm-17.conf
+++ b/nginx-proxy-manager/letsencrypt/renewal/npm-17.conf
@@ -1,4 +1,4 @@
-version = 4.1.1
+version = 5.1.0
 archive_dir = /etc/letsencrypt/archive/npm-17
 cert = /etc/letsencrypt/live/npm-17/cert.pem
 privkey = /etc/letsencrypt/live/npm-17/privkey.pem
@@ -11,10 +11,10 @@ account = 020f85d8def96a90143fbf56a6214037
 key_type = ecdsa
 elliptic_curve = secp384r1
 preferred_chain = ISRG Root X1
-pref_challs = dns-01, http-01
+pref_challs = http-01,
 config_dir = /etc/letsencrypt
 work_dir = /tmp/letsencrypt-lib
-logs_dir = /tmp/letsencrypt-log
+logs_dir = /data/logs
 authenticator = webroot
 webroot_path = /data/letsencrypt-acme-challenge,
 server = https://acme-v02.api.letsencrypt.org/directory
diff --git a/portainer/compose.yml b/portainer/compose.yml
index 950a473..29e6209 100644
--- a/portainer/compose.yml
+++ b/portainer/compose.yml
@@ -7,9 +7,12 @@ services:
 - 9443:9443
 container_name: portainer
 restart: always
+ #environment:
+ #- VIRTUAL_HOST=portainer.home.ramberg.net
+ #- VIRTUAL_PORT=9443
 volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - /home/rcadmin/docker/portainer/data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /home/rcadmin/docker/portainer/data:/data
 image: portainer/portainer-ce:lts
 deploy:
 placement:
diff --git a/stunnel/README.md b/stunnel/README.md
new file mode 100644
index 0000000..73ab9be
--- /dev/null
+++ b/stunnel/README.md
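Review bot: The `/var/run/docker.sock:/var/run/docker.sock` bind mount re-added in the `volumes` list of the portainer/compose.yml hunk gives this container full control of the Docker daemon, and the hunk leaves that undocumented while the UI stays published on `9443:9443`. A short comment above the mount, such as `# docker.sock = root-equivalent on this host; keep the Portainer UI off untrusted networks`, would record the trade-off. The new `#environment:` / `#- VIRTUAL_HOST=…` lines are commented-out configuration with no explanation; either drop them or add a one-line comment saying when they should be enabled, and if proxying is enabled later the direct port publish can probably go. The service definition starts and ends outside this hunk.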
@@ -0,0 +1,66 @@
+# stunnel
+
+## download
+
+`docker pull chainguard/stunnel:latest`
+or
+`docker pull cgr.dev/ORGANIZATION/stunnel:latest`
+
+## run
+
+`docker run cgr.dev/chainguard/stunnel`
+or
+`docker run cgr.dev/chainguard/stunnel:latest`
+
+
+## Options
+
+```
+
+Global options:
+chroot = directory to chroot stunnel process
+EGD = path to Entropy Gathering Daemon socket
+engine = auto|engine_id
+engineCtrl = cmd[:arg]
+engineDefault = TASK_LIST
+foreground = yes|quiet|no foreground mode (don't fork, log to stderr)
+log = append|overwrite log file
+output = file to append log messages
+pid = pid file
+RNDbytes = bytes to read from random seed files
+RNDfile = path to file with random seed data
+RNDoverwrite = yes|no overwrite seed datafiles with new random data
+syslog = yes|no send logging messages to syslog
+
+Service-level options:
+accept = [host:]port accept connections on specified host:port
+CAengine = engine-specific CA certificate identifier for 'verify' option
+CApath = CA certificate directory for 'verify' option
+CAfile = CA certificate file for 'verify' option
+cert = certificate chain
+checkEmail = peer certificate email address
+checkHost = peer certificate host name pattern
+checkIP = peer certificate IP address
+ciphers = permitted ciphers for TLS 1.2 or older
+ciphersuites = permitted ciphersuites for TLS 1.3
+client = yes|no client mode (remote service uses TLS)
+config = command[:parameter] to execute
+connect = [host:]port to connect
+CRLpath = CRL directory
+CRLfile = CRL file
+curves = ECDH curve names
+debug = [facility].level (e.g. daemon.info)
+delay = yes|no delay DNS lookup for 'connect' option
+engineId = ID of engine to read the key from
+engineNum = number of engine to read the key from
+exec = file execute local inetd-type program
+execArgs = arguments for 'exec' (including $0)
+failover = rr|prio failover strategy
+ident = username for IDENT (RFC 1413) checking
+include = directory with configuration file snippets
+key = certificate private key
+local = IP address to be used as source for remote connections
+logId = connection identifier type
+OCSP = OCSP responder URL
+```
+