Certbot (LetsEncrypt) on custom port (Nginx OR apache)
It's perfectly fine to have Nginx on port 80 merely for the HTTP-01 challenge and then use the certificates created with it on other web applications, or even on other server software altogether. It doesn't need to perform any reverse proxying in order to serve http://example.com/.well-known/acme-challenge/, e.g.
    server {
        listen 80;
        server_name example.com;

        # Only the ACME challenge path is served; Certbot writes the token
        # files into this directory when run with --webroot -w /var/www/letsencrypt
        location /.well-known/acme-challenge/ {
            alias /var/www/letsencrypt/.well-known/acme-challenge/;
        }

        # Everything else on port 80 gets a 404; nothing is proxied or redirected
        location / {
            return 404;
        }
    }
Furthermore, you don't necessarily need a web server listening on port 80 at all, as Certbot can use its own built-in web server for handling the challenges:
sudo certbot certonly --standalone --preferred-challenges http -d example.com
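To make the point concrete, here is an added example (not part of the original answer) of a single Nginx instance that answers HTTP-01 challenges on port 80 and, in a separate server block, serves a completely different application over TLS on port 1234 with the certificate Certbot issued. The webroot path /var/www/letsencrypt, the custom port 1234, the backend at 127.0.0.1:8080 and the default Certbot live/ directory are assumptions for the example.

```nginx
# Added example, not from the original page.
# Assumptions: webroot /var/www/letsencrypt, application on port 1234
# proxied to 127.0.0.1:8080, certificates in Certbot's default live/ tree.

# Port 80: ACME challenge responses only. No redirect, no proxy.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    # ^~ makes this prefix match win over any regex locations added later,
    # so a rewrite rule for the main site can never hide the challenge path.
    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/letsencrypt/.well-known/acme-challenge/;
    }

    location / {
        return 404;
    }
}

# Port 1234: an unrelated application, TLS-terminated with the same certificate.
# Certbot never touches this block; it only needs the files under live/.
server {
    listen 1234 ssl;
    listen [::]:1234 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Issue the certificate against the webroot the port-80 block serves, and reload Nginx whenever Certbot renews so the port-1234 listener picks up the new files: `sudo certbot certonly --webroot -w /var/www/letsencrypt -d example.com --deploy-hook "systemctl reload nginx"`. Before the first run, check that a test file placed under /var/www/letsencrypt/.well-known/acme-challenge/ is reachable from outside on port 80; afterwards, `openssl s_client -connect example.com:1234 -servername example.com` should show the Let's Encrypt chain. Nothing on port 80 is redirected, so a regular website can still live on 80/443 while the other application keeps port 1234.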
Comments
- T.Todua (over 1 year): I've found many similar questions, people asking how to set up SSL on different ports (other than 80/443), i.e. port 1234. However, all answers were like "use redirection" or "proxying requests" or "DNS validation (instead of HTTP)" or "use alternative approaches". However, nowhere can you find even a single answer in StackExchange manner, I mean step-by-step for a newbie, on how to do that. However, note, redirection is not a solution, because on 80/443 a person might have a regular website, but on port 1234 a completely different app. So, just "redirection" from 1234 to 80 will mess up sites, right?
- Tero Kilkanen (over 3 years): The port 1234 is used in whichever application is used to serve the website.
- Esa Jokinen (over 3 years): You only need port 80 at the time the certificate is issued, usually once every 2 months per certificate. After that you can use the certificate everywhere you want. Think of using the certificate for an email server (SMTP & IMAP) which can't even answer an HTTP challenge, as it's not talking the HTTP protocol. Also, even with port 80 you won't use it FOR that port, but for TLS on another port, 443.
- T.Todua (about 3 years): Can you also tell for Apache? Thanks in advance.