How do you set up SSL certificates for additional ports in Apache?


Solution 1

First you should read these answers:

Based on the above answers the steps are:

  • Create a new VirtualHost configuration file, dedicated to your additional port. Let's assume this is port 99, and the configuration file name is https-99.conf:

    sudo nano /etc/apache2/sites-available/https-99.conf
    

    The content of https-99.conf should look like this:

    <IfModule mod_ssl.c>
    
    Listen 99
    
    <VirtualHost *:99>
    
            ServerName www.example.com
    
            DocumentRoot /var/www/html-99
    
            <Directory /var/www/html-99>
                    Options None FollowSymLinks
                    AllowOverride None
                    # To enable .htaccess Overrides: AllowOverride All
                    DirectoryIndex index.html index.php
                    Order allow,deny
                    Allow from all
                    Require all granted
            </Directory>
    
            ErrorLog ${APACHE_LOG_DIR}/https-99.error.log
            CustomLog ${APACHE_LOG_DIR}/https-99.access.log combined
    
            SSLEngine on
            SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
            SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem
    
    </VirtualHost>
    
    </IfModule>
    

    Copy the above content and in nano use: Shift+Insert for paste; Ctrl+O and Enter for save; Ctrl+X for exit.

  • Enable the configuration file:

    sudo a2ensite https-99.conf
    
  • Generate Let's Encrypt certificate files:

    sudo letsencrypt --apache certonly --rsa-key-size 4096 --email you@example.com -d www.example.com
    

    Where you@example.com and www.example.com must be real.

  • Open port 99 in the firewall:

    • If you use UFW you can do that by this command: sudo ufw allow 99/tcp

    • If you use IPTables: sudo iptables -A INPUT -p tcp -m tcp --dport 99 -j ACCEPT

  • Create the DocumentRoot directory:

    sudo mkdir /var/www/html-99
    
  • Put some simple content in the DocumentRoot directory:

    echo 'Hello!!!' | sudo tee /var/www/html-99/index.html
    
  • Reload Apache's configuration:

    • Ubuntu 14.04: sudo service apache2 reload
    • Ubuntu 16.04: sudo systemctl reload apache2.service
  • Try to open https://www.example.com:99 via the browser. The result should be:


Solution 2

You make modifications in Apache's /etc/apache2/ports.conf to inform Apache to listen on these different ports:

Listen 8080
<IfModule ssl_module>            
        Listen 446
</IfModule>

The steps would be:

  1. Create your SSL certificates:

    • Make directory to add certificates:

      sudo mkdir -p /etc/apache2/ssl/example.com
      
    • Create a self-signed certificate:

      sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com/apache.key -out /etc/apache2/ssl/example.com/apache.crt
      
  2. Enable the ssl module with: sudo a2enmod ssl

  3. Make entries in your VirtualHost file (called example.conf), with sudo nano /etc/apache2/sites-available/example.conf

    <VirtualHost *:8080>
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www/html
    
    </VirtualHost>
    
    
    <IfModule mod_ssl.c>
    <VirtualHost *:446>
    
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www/html
    
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
    
        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
    </VirtualHost>
    
    </IfModule>
    
  4. Tell Apache to listen on the new ports by adding the ports to the /etc/apache2/ports.conf file:

    Listen 8080
    <IfModule ssl_module>            
        Listen 446
    </IfModule>
    
    <IfModule mod_gnutls.c>
        Listen 446
    </IfModule>
    
    • This tells Apache to listen for SSL traffic on port 446 instead of 443.
  5. Enable the config files:

    sudo a2ensite example
    
  6. Restart Apache:

    sudo systemctl restart apache2
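
A check worth running on the certificate and key from either answer before reloading Apache, as an added example that is not part of the original answers: it confirms the key matches the certificate, that the certificate is not about to expire, and that the unencrypted key is not accessible to other users. The function name `check_cert_pair` and its `MIN_DAYS` argument are assumptions of this example; it needs bash, openssl and GNU stat.

```bash
#!/usr/bin/env bash
# Added example (not from the answers): check a certificate/key pair before
# pointing SSLCertificateFile / SSLCertificateKeyFile at it.
# Usage: check_cert_pair CERT KEY [MIN_DAYS]   (MIN_DAYS is a hypothetical knob)
# Returns 0 when clean, 1 on a finding, 2 when a file is unreadable.

check_cert_pair() {
    local cert=$1 key=$2 min_days=${3:-14} rc=0 cert_pub key_pub mode

    [ -r "$cert" ] || { echo "FAIL: cannot read certificate: $cert"; return 2; }
    [ -r "$key" ]  || { echo "FAIL: cannot read private key: $key"; return 2; }

    # 1. The certificate must contain the public half of this private key.
    #    An empty -passin stops openssl from prompting on an encrypted key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    # 2. The certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days (or is unparsable)"; rc=1
    fi

    # 3. A key written with -nodes is unencrypted, so file permissions are
    #    its only protection. -L follows Let's Encrypt's live/ symlinks.
    mode=$(stat -L -c %a "$key")
    case "$mode" in
        *[1-7]) echo "FAIL: $key is accessible to other users (mode $mode)"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key pass all checks"
    return "$rc"
}

# Run directly: ./check_cert_pair.sh /etc/apache2/ssl/example.com/apache.crt \
#                                    /etc/apache2/ssl/example.com/apache.key
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```

Run it with sudo when the key is readable only by root, as it should be.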
    

Author: Dan Vu

Updated on September 18, 2022

Comments

  • Dan Vu
    Dan Vu over 1 year

    Simple question, I just wanted to know how to install SSL certificates in other ports in a webserver. I'm trying to get a web application to be able to have a valid SSL certificate. I use apache2. I've already tried to edit the virtualhost file. I don't even know what I'm trying to do.

    • George Udosen
      George Udosen over 6 years
      "I don't even know what I'm trying to do": and yet you say it's simple!
    • Dan Vu
      Dan Vu over 6 years
      I'm referring to the silliness of my situation.
    • George Udosen
      George Udosen over 6 years
      I know, but don't beat yourself up; it happens to all of us, and no situation is ever so simple. If it were, we wouldn't learn a thing :)
    • George Udosen
      George Udosen over 6 years
      What do you mean by "other ports"?
    • Dan Vu
      Dan Vu over 6 years
      I refer to ports that are not 443 or 80
    • pa4080
      pa4080 over 6 years
      By the way, Debian is off-topic here. @George, should we flag the question?
    • George Udosen
      George Udosen over 6 years
      @pa4080 I didn't see that, yes flag it...
  • Dan Vu
    Dan Vu over 6 years
    Do you know how to do the same for web applications already using these ports?
  • George Udosen
    George Udosen over 6 years
    What applications are these?
  • pa4080
    pa4080 over 6 years
    letsencrypt / python-letsencrypt-apache is available for Ubuntu 16.04 and above, for the previous versions there is certbot which is almost the same. From Ubuntu Manuals. Sert
  • Dan Vu
    Dan Vu over 6 years
    I refer to shellinabox, emby, and webmin
  • George Udosen
    George Udosen over 6 years
    Refer to their individual config files to change the listening ports then add it to the apache config files