Certbot (LetsEncrypt) on custom port (Nginx OR apache)

7,288

It's perfectly fine to have Nginx on port 80 merely for the HTTP-01 challenge and then use the certificates created with it on other web applications, or even on other server software altogether. It doesn't need to perform any reverse proxying in order to serve http://example.com/.well-known/acme-challenge/, e.g.

server {
    listen 80;
    server_name example.com;

    # Serve the ACME challenge tokens straight from disk; Certbot's webroot
    # plugin writes them under <webroot>/.well-known/acme-challenge/.
    location /.well-known/acme-challenge/ {
        alias /var/www/letsencrypt/.well-known/acme-challenge/;
    }

    # Everything else on port 80 is refused: this vhost exists only for validation.
    location / {
        return 404;
    }
}

Furthermore, you don't necessarily need a web server listening on port 80 at all, as Certbot can use its own built-in web server for handling the challenges:

sudo certbot certonly --standalone --preferred-challenges http -d example.com
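The answer above shows the validation half (port 80) and the issuance command; what a newcomer usually still lacks is the other half, the server block on the custom port that consumes the issued certificate. The following is an added example, not part of the original answer. It assumes the example.com name and the /var/www/letsencrypt webroot from the answer, Certbot's default output location under /etc/letsencrypt/live/, a hypothetical application port 1234 taken from the question, and a hypothetical backend on 127.0.0.1:8080.

```nginx
# Port 80: validation only. Issue and renew with the webroot plugin, whose
# -w path must be the directory that the alias below points into
# (assumed command, matching the answer's layout):
#   sudo certbot certonly --webroot -w /var/www/letsencrypt -d example.com \
#        --deploy-hook "systemctl reload nginx"
server {
    listen 80;
    server_name example.com;

    location /.well-known/acme-challenge/ {
        alias /var/www/letsencrypt/.well-known/acme-challenge/;
    }
    location / {
        return 404;
    }
}

# Port 1234 (hypothetical, from the question): the separate application.
# It is its own server block, so nothing is redirected to or from 80/443
# and a regular website can keep living on those ports untouched.
server {
    listen 1234 ssl;
    server_name example.com;

    # Default paths Certbot writes. "live/" holds symlinks that follow each
    # renewal, so a reload after renewal (the deploy hook above) is enough.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;   # assumed backend for the app on 1234
    }
}
```

Two checks worth running after `nginx -t && systemctl reload nginx`: `openssl s_client -connect example.com:1234 -servername example.com` should show the Let's Encrypt chain, and `certbot renew --dry-run` confirms renewal works while nginx keeps port 80. That second point is the caveat with the `--standalone` variant from the answer: Certbot's built-in server must bind port 80 itself, so if nginx (or anything else) is listening there at renewal time the renewal fails unless you free the port with `--pre-hook` / `--post-hook`; with the webroot plugin nginx stays up throughout.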
Author: T.Todua (joined StackOverflow: 4th July, 2012)

Updated on September 18, 2022

Comments

  • T.Todua
    T.Todua over 1 year

    I've found many similar questions, people asking how to set up SSL on different ports (other than 80/443), i.e. port 1234. However, all answers were like "use redirection" or "proxy the requests" or "use DNS validation (instead of HTTP)" or use alternative approaches. However, nowhere can you find even a single answer in StackExchange manner, I mean step-by-step for a newbie, on how to do that.

    However, note, redirection is not a solution, because on 80/443 a person might have a regular website, but on port 1234 a completely different app. So, just "redirecting" from 1234 to 80 will mess up the sites, right?

  • Tero Kilkanen
    Tero Kilkanen over 3 years
    The port 1234 is used in whichever application is used to serve the website.
  • Esa Jokinen
    Esa Jokinen over 3 years
    You only need port 80 at the time the certificate is issued, usually once every 2 months per certificate. After that you can use the certificate everywhere you want. Think of using the certificate for an email server (SMTP & IMAP), which can't even answer an HTTP challenge, as it's not talking the HTTP protocol. Also, even with port 80 you won't use it FOR that port, but for TLS on another port, 443.
  • T.Todua
    T.Todua about 3 years
    Can you tell also for Apache? Thanks in advance.