• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How to apply an SSL Let's Encrypt certificate to a custom port?

AndyM

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Obsidian Web Host Edition, Version 18.0.53 Update #2
In the simplest terms for a novice like myself, how can I secure with an Let's Encrypt SSL certificate? Is it even possible? The domain I'm using - host.mydomain.org (just an example) - is already secured with Let's Encrypt. My problem is that I also need a custom port to be securely accessed through a browser.

I'm trying to configure YaCy search engine via Docker. Port 8443 maps to 32770 for https, and 8090 maps to 32771 for http. Everything works fine to access the YaCy admin panel from http://host.mydomain.org:32771, but that's not a solution because I need it to be offered via https.
Things I've already tried:
  • Under "Docker Proxy Rules, I used "Add Rule" to create a new proxy rule. In the "Port" section, I go with option "8443 -> 32770".
  • NGINIX proxy_pass with a few varations
  • Copy the LE certificate file for this domain into /etc/pki/ca-trust/source/anchors/; Update the ca trust store; restart docker service
Is there anything obvious to try? Surely this can be done?

System Information
Plesk: Obsidian Web Host Edition, Version 18.0.53 Update #2
OS: CentOS Linux 7.9.2009 (Core)
 
A similar thread might have a solution:
 
A similar thread might have a solution:

Thanks, I saw this one, too. It's possible I just don't have the exact syntax needed for the nginx directive, but I've tried this

location ~ / {
proxy_pass [---different variations here---]
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

I've used the following, and after changing each time I restart nginx reverse proxy server in Plesk.
  • proxy_pass https://127.0.0.1:32770;
  • proxy_pass http://127.0.0.1:32771;
  • proxy_pass http://0.0.0.0:32771;

Nothing seems to change so far. I'll now try editing the nginx conf file below:
/var/www/vhosts/system/host.[mydomain.org]/conf/nginx.conf
Although, I thought adding directives under Plesk panel -> host domain -> nginx directives would be the place to add these lines. Maybe that won't work and it must be done directly in the nginx.conf file for some reason? That's where I get lost quickly.
 
Thanks, unfortunately it still doesn't solve the problem. I walked through those steps to create and copy a pkcs12 file into my .../_data/SETTINGS/ container volume.

I tried three different types of file extensions for the pkcs12 file (defined as the ImportFile variable): .pkcs12, .p12 and .pfx. I also made sure the password specified in the OpenSSL export command was populated.

pkcs12ImportFile=
pkcs12ImportPwd=

After restarting the Docker YaCy container, I see these errors show up in the log.

I 2023/07/06 12:08:26 SERVER * Import certificates from import file '/var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12'.
E 2023/07/06 12:08:26 SERVER * Unable to import certificate from import file '/var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12'.
java.io.FileNotFoundException: /var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12 (No such file or directory)


I'm getting confused as to what's going on with this reference to "certificate.p12". Is it somehow related to an attempt a few days ago with this command below to create an export? (/etc/letsencrypt/live/.org is not a valid path on my server, I shouldn't have even ran this command.) What in the heck have I done?

openssl pkcs12 -export -out
certificate.p12 -inkey /etc/letsencrypt/live/.org/privkey.pem -in /etc/letsencrypt/live/.org/cert.pem -certfile /etc/letsencrypt/live/.org/chain.pem
 
Back
Top