How do you set up SSL certificates for additional ports in Apache?
Solution 1
First you should read these answers:
- How to setup an additional VirtualHost
- Change phpMyAdmin port from 80 to another number
- How to create and enable Let's Encrypt HTTPS certificate
Based on the above answers the steps are:
- Create a new VirtualHost configuration file, dedicated to your additional port. Let's assume this is port 99, and the configuration file name is https-99.conf:

      sudo nano /etc/apache2/sites-available/https-99.conf

  The content of https-99.conf should look like this:

      <IfModule mod_ssl.c>

          Listen 99

          <VirtualHost *:99>

              ServerName www.example.com

              DocumentRoot /var/www/html-99

              <Directory /var/www/html-99>
                  Options None FollowSymLinks
                  AllowOverride None
                  # To enable .htaccess Overrides: AllowOverride All
                  DirectoryIndex index.html index.php
                  Order allow,deny
                  Allow from all
                  Require all granted
              </Directory>

              ErrorLog ${APACHE_LOG_DIR}/https-99.error.log
              CustomLog ${APACHE_LOG_DIR}/https-99.access.log combined

              SSLEngine on
              SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
              SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
              SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem

          </VirtualHost>

      </IfModule>

  Copy the above content and in nano use: Shift+Insert for paste; Ctrl+O and Enter for save; Ctrl+X for exit.

- Enable the configuration file:

      sudo a2ensite https-99.conf

- Generate Let's Encrypt certificate files:

      sudo letsencrypt --apache certonly --rsa-key-size 4096 --email [email protected] -d www.example.com

  Where [email protected] and www.example.com must be real.

- Open port 99 in the firewall:

- Create the DocumentRoot directory:

      sudo mkdir /var/www/html-99

- Put some simple content in the DocumentRoot directory:

      echo 'Hello!!!' | sudo tee /var/www/html-99/index.html

- Reload Apache's configuration:

  - Ubuntu 14.04:

        sudo service apache2 reload

  - Ubuntu 16.04:

        sudo systemctl reload apache2.service

- Try to open https://www.example.com:99 via the browser. The result should be:
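
Added example, not part of the answer above: a small shell check that a config file really serves TLS on the extra port, meaning the port has a Listen directive, a VirtualHost bound to it, SSLEngine on and an SSLCertificateFile. The function name check_https_port and both sample configs are constructed for illustration.

```sh
# check_https_port CONFIG_FILE PORT  (hypothetical helper, added example)
# Prints one finding per line; exit status 0 means the port is set up for TLS.
check_https_port() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank and comment lines
        tolower($1) == "listen" {              # Listen 99 | Listen 10.0.0.1:99 | Listen [::]:99
            n = split($2, a, ":"); if (a[n] == want) listening = 1
        }
        tolower($1) == "<virtualhost" {        # <VirtualHost *:99>
            v = $2; sub(/>$/, "", v); n = split(v, a, ":")
            in_vh = (a[n] == want); if (in_vh) found = 1
        }
        tolower($1) == "</virtualhost>" { in_vh = 0 }
        in_vh && tolower($1) == "sslengine" && tolower($2) == "on" { ssl = 1 }
        in_vh && tolower($1) == "sslcertificatefile" { cert = 1 }
        END {
            if (!listening) { print "no Listen directive for port " want; bad = 1 }
            if (!found)     msg = "no <VirtualHost> bound to port " want
            else if (!ssl)  msg = "SSLEngine is not on: port " want " would answer in plain HTTP"
            else if (!cert) msg = "SSLEngine on but no SSLCertificateFile in the vhost"
            if (msg != "") { print msg; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs: good.conf mirrors the shape of https-99.conf,
# bad.conf has SSLEngine commented out, a common reason for TLS errors on the port.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
Listen 99
<VirtualHost *:99>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
</VirtualHost>
EOF
cat > "$demo_dir/bad.conf" <<'EOF'
Listen 99
<VirtualHost *:99>
    ServerName www.example.com
    # SSLEngine on
</VirtualHost>
EOF
check_https_port "$demo_dir/good.conf" 99 && echo "good.conf: port 99 OK"
check_https_port "$demo_dir/bad.conf" 99 || echo "bad.conf: rejected"
```

The key directive is not required by the check because a combined certificate-and-key file needs only SSLCertificateFile.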
Solution 2
You make modifications in Apache's /etc/apache2/ports.conf to inform Apache to listen on these different ports:

    Listen 8080

    <IfModule ssl_module>
        Listen 446
    </IfModule>
The steps would be:
- Create your SSL certificates:

  - Make directory to add certificates:

        sudo mkdir -p /etc/apache2/ssl/example.com

  - Create a self signed certificate:

        sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com/apache.key -out /etc/apache2/ssl/example.com/apache.crt

- Enable the ssl module with:

      sudo a2enmod ssl

- Make entries in your Virtualhost files (called example.conf), with sudo nano /etc/apache2/sites-available/example.conf:

      <VirtualHost *:8080>
          ServerAdmin webmaster@localhost
          ServerName example.com
          DocumentRoot /var/www/html
      </VirtualHost>

      <IfModule mod_ssl.c>
          <VirtualHost *:446>
              ServerAdmin webmaster@localhost
              ServerName example.com
              DocumentRoot /var/www/html

              # SSL Engine Switch:
              # Enable/Disable SSL for this virtual host.
              SSLEngine on

              # A self-signed (snakeoil) certificate can be created by installing
              # the ssl-cert package. See
              # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
              # If both key and certificate are stored in the same file, only the
              # SSLCertificateFile directive is needed.
              SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
              SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
          </VirtualHost>
      </IfModule>

- Tell Apache to listen in the new ports by adding the ports to the /etc/apache2/ports.conf file:

      Listen 8080

      <IfModule ssl_module>
          Listen 446
      </IfModule>

      <IfModule mod_gnutls.c>
          Listen 446
      </IfModule>

  - This tells Apache to listen for SSL traffic on port 446 as against 443

- Enable the config files:

      sudo a2ensite example

- Restart Apache:

      sudo systemctl restart apache2
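
Added example, not part of the answer above: the self-signed certificate step made non-interactive, followed by two checks worth running before restarting Apache (the certificate belongs to the key, and it covers the host name). The -subj and -addext options, the function names and the temporary demo paths are additions of this example; -addext assumes OpenSSL 1.1.1 or newer.

```sh
# make_selfsigned DIR HOST: same openssl req call as above, plus a subject and
# a subjectAltName, since current browsers match host names against the SAN.
make_selfsigned() {
    dir=$1 host=$2
    mkdir -p "$dir" || return 1
    ( umask 077      # both files are created readable by their owner only
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/apache.key" -out "$dir/apache.crt" 2>/dev/null )
}

# pair_matches CERT KEY: succeeds only if the certificate's public key is the
# one derived from the private key (mod_ssl rejects a mismatched pair).
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_covers CERT HOST: succeeds if OpenSSL's host name check accepts HOST.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

# Demo in a temporary directory (constructed paths, not /etc/apache2/ssl).
demo=$(mktemp -d)
make_selfsigned "$demo/a" example.com && make_selfsigned "$demo/b" example.com
pair_matches "$demo/a/apache.crt" "$demo/a/apache.key" && echo "a: certificate and key match"
pair_matches "$demo/a/apache.crt" "$demo/b/apache.key" || echo "a.crt + b.key: mismatch"
cert_covers "$demo/a/apache.crt" example.com && echo "certificate covers example.com"
```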
Dan Vu
Updated on September 18, 2022
Comments
-
Dan Vu over 1 year
Simple question, I just wanted to know how to install SSL certificates in other ports in a webserver. I'm trying to get a web application to be able to have a valid SSL certificate. I use apache2. I've already tried to edit the virtualhost file. I don't even know what I'm trying to do.
-
George Udosen over 6 years
"I don't even know what I'm trying to do": and yet you say it's simple!
-
Dan Vu over 6 years
I'm referring to the silliness of my situation.
-
George Udosen over 6 years
I know but don't beat yourself up it happens to all of us and no situation is ever so simple, if it were we won't learn a thing :)
-
George Udosen over 6 years
What do you mean by "other ports"?
-
Dan Vu over 6 years
I refer to ports that are not 443 or 80
-
pa4080 over 6 years
By the way, Debian is off-topic here. @George, should we flag the question?
-
George Udosen over 6 years
@pa4080 I didn't see that, yes flag it...
-
Dan Vu over 6 years
Do you know how to do the same for web applications already using these ports?
-
George Udosen over 6 years
What applications are these?
-
pa4080 over 6 years
letsencrypt/python-letsencrypt-apache is available for Ubuntu 16.04 and above, for the previous versions there is certbot which is almost the same. From Ubuntu Manuals. Sert
-
Dan Vu over 6 years
I refer to shellinabox, emby, and webmin
-
George Udosen over 6 years
Refer to their individual config files to change the listening ports then add it to the apache config files