• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question How to apply an SSL Let's Encrypt certificate to a custom port?

AndyM

AndyM

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Obsidian Web Host Edition, Version 18.0.53 Update #2
In the simplest terms for a novice like myself, how can I secure with an Let's Encrypt SSL certificate? Is it even possible? The domain I'm using - host.mydomain.org (just an example) - is already secured with Let's Encrypt. My problem is that I also need a custom port to be securely accessed through a browser.

I'm trying to configure YaCy search engine via Docker. Port 8443 maps to 32770 for https, and 8090 maps to 32771 for http. Everything works fine to access the YaCy admin panel from http://host.mydomain.org:32771, but that's not a solution because I need it to be offered via https.
Things I've already tried:
  • Under "Docker Proxy Rules, I used "Add Rule" to create a new proxy rule. In the "Port" section, I go with option "8443 -> 32770".
  • NGINIX proxy_pass with a few varations
  • Copy the LE certificate file for this domain into /etc/pki/ca-trust/source/anchors/; Update the ca trust store; restart docker service
Is there anything obvious to try? Surely this can be done?

System Information
Plesk: Obsidian Web Host Edition, Version 18.0.53 Update #2
OS: CentOS Linux 7.9.2009 (Core)
 
A similar thread might have a solution:

Issue - Securing a custom port with SSL

Hello Folks. is it possible to set up an SSL certificate on a custom port ? I am running an app on let's say port 9999 and I can only access the app via HTTP , i would like to be able to access is via HTTPS as well, is they a solution where i can set this up ? Even if it's a custom solution...
talk.plesk.com talk.plesk.com
 
Peter Debik said:
A similar thread might have a solution:

Issue - Securing a custom port with SSL

Hello Folks. is it possible to set up an SSL certificate on a custom port ? I am running an app on let's say port 9999 and I can only access the app via HTTP , i would like to be able to access is via HTTPS as well, is they a solution where i can set this up ? Even if it's a custom solution...
talk.plesk.com talk.plesk.com
Click to expand...

Thanks, I saw this one, too. It's possible I just don't have the exact syntax needed for the nginx directive, but I've tried this

location ~ / {
proxy_pass [---different variations here---]
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

I've used the following, and after changing each time I restart nginx reverse proxy server in Plesk.
  • proxy_pass https://127.0.0.1:32770;
  • proxy_pass http://127.0.0.1:32771;
  • proxy_pass http://0.0.0.0:32771;

Nothing seems to change so far. I'll now try editing the nginx conf file below:
/var/www/vhosts/system/host.[mydomain.org]/conf/nginx.conf
Although, I thought adding directives under Plesk panel -> host domain -> nginx directives would be the place to add these lines. Maybe that won't work and it must be done directly in the nginx.conf file for some reason? That's where I get lost quickly.
 
Thanks, unfortunately it still doesn't solve the problem. I walked through those steps to create and copy a pkcs12 file into my .../_data/SETTINGS/ container volume.

I tried three different types of file extensions for the pkcs12 file (defined as the ImportFile variable): .pkcs12, .p12 and .pfx. I also made sure the password specified in the OpenSSL export command was populated.

pkcs12ImportFile=
pkcs12ImportPwd=

After restarting the Docker YaCy container, I see these errors show up in the log.

I 2023/07/06 12:08:26 SERVER * Import certificates from import file '/var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12'.
E 2023/07/06 12:08:26 SERVER * Unable to import certificate from import file '/var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12'.
java.io.FileNotFoundException: /var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12 (No such file or directory)

I'm getting confused as to what's going on with this reference to "certificate.p12". Is it somehow related to an attempt a few days ago with this command below to create an export? (/etc/letsencrypt/live/.org is not a valid path on my server, I shouldn't have even ran this command.) What in the heck have I done?

openssl pkcs12 -export -out certificate.p12 -inkey /etc/letsencrypt/live/.org/privkey.pem -in /etc/letsencrypt/live/.org/cert.pem -certfile /etc/letsencrypt/live/.org/chain.pem
 
You must log in or register to reply here.

Similar threads

J
Question How to hide port in Nginx forwarding / change listening port
Replies
0
Views
936
jasmines
J
B
Resolved secure Plesk hostname on port 8443 with an SSL certificate Let's Encrypt ERROR
Replies
2
Views
2K
Butcher
B
T
Issue Unable to install Let's Encrypt certificate for temporary domain
Replies
5
Views
2K
Peter Debik
P
P
Forwarded to devs SSL It! - inconsistent Let’s Encrypt branding
Replies
2
Views
1K
AYamshanov
AYamshanov
B
Resolved Cannot update SSL certificate used o port 8443 for plesk administration
Replies
6
Views
2K
bigcookie
B
Back
Top