
Question How to apply an SSL Let's Encrypt certificate to a custom port?

AndyM

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Obsidian Web Host Edition, Version 18.0.53 Update #2
In the simplest terms for a novice like myself, how can I secure with a Let's Encrypt SSL certificate? Is it even possible? The domain I'm using - host.mydomain.org (just an example) - is already secured with Let's Encrypt. My problem is that I also need a custom port to be securely accessed through a browser.

I'm trying to configure YaCy search engine via Docker. Port 8443 maps to 32770 for https, and 8090 maps to 32771 for http. Everything works fine to access the YaCy admin panel from http://host.mydomain.org:32771, but that's not a solution because I need it to be offered via https.
Things I've already tried:
  • Under "Docker Proxy Rules", I used "Add Rule" to create a new proxy rule. In the "Port" section, I go with option "8443 -> 32770".
  • NGINX proxy_pass with a few variations
  • Copy the LE certificate file for this domain into /etc/pki/ca-trust/source/anchors/; Update the ca trust store; restart docker service
Is there anything obvious to try? Surely this can be done?

System Information
Plesk: Obsidian Web Host Edition, Version 18.0.53 Update #2
OS: CentOS Linux 7.9.2009 (Core)
 
A similar thread might have a solution:
 

Thanks, I saw this one, too. It's possible I just don't have the exact syntax needed for the nginx directive, but I've tried this

location ~ / {
    proxy_pass [---different variations here---]
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

I've used the following, and after changing each time I restart nginx reverse proxy server in Plesk.
  • proxy_pass https://127.0.0.1:32770;
  • proxy_pass http://127.0.0.1:32771;
  • proxy_pass http://0.0.0.0:32771;

Nothing seems to change so far. I'll now try editing the nginx conf file below:
/var/www/vhosts/system/host.[mydomain.org]/conf/nginx.conf
Although, I thought adding directives under Plesk panel -> host domain -> nginx directives would be the place to add these lines. Maybe that won't work and it must be done directly in the nginx.conf file for some reason? That's where I get lost quickly.
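
The TLS-terminating proxy this post is working toward, as an added example that is not part of the original thread: nginx keeps serving the Let's Encrypt certificate on 443 and forwards to the container's plain-HTTP port on loopback, so no certificate has to be installed inside the container. The host name and port 32771 come from the post; the certificate paths are placeholders and the surrounding server block is shown only for context.

```nginx
# Added example, not from the thread.
# Assumption: nginx already answers for host.mydomain.org on 443 with the
# Let's Encrypt certificate, and the container's HTTP port is published on
# the host as 32771 (values taken from the post).

server {
    listen 443 ssl;
    server_name host.mydomain.org;

    # Placeholder paths: the real ones are whatever the existing vhost uses.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location / {
        # TLS ends here. The hop to the container is plain HTTP over loopback,
        # so the browser only ever sees the Let's Encrypt certificate.
        proxy_pass http://127.0.0.1:32771;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Lets the backend know the client connection was https.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Notes on the other variants tried in the post:
#
#   proxy_pass https://127.0.0.1:32770;
#     Re-encrypts the hop to the container. nginx does not verify the
#     upstream certificate unless proxy_ssl_verify is turned on, so this
#     adds encryption on loopback but no authentication of the backend.
#
#   proxy_pass http://0.0.0.0:32771;
#     0.0.0.0 is a listen address ("all interfaces"), not a destination.
#     Name the loopback address explicitly instead.
```

With TLS terminated at nginx, the published ports 32770 and 32771 no longer need to be reachable from outside; binding them to 127.0.0.1 or firewalling them keeps the admin panel from being served over plain HTTP.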
 
Thanks, unfortunately it still doesn't solve the problem. I walked through those steps to create and copy a pkcs12 file into my .../_data/SETTINGS/ container volume.

I tried three different types of file extensions for the pkcs12 file (defined as the ImportFile variable): .pkcs12, .p12 and .pfx. I also made sure the password specified in the OpenSSL export command was populated.

pkcs12ImportFile=
pkcs12ImportPwd=

After restarting the Docker YaCy container, I see these errors show up in the log.

I 2023/07/06 12:08:26 SERVER * Import certificates from import file '/var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12'.
E 2023/07/06 12:08:26 SERVER * Unable to import certificate from import file '/var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12'.
java.io.FileNotFoundException: /var/lib/docker/volumes/fj3ow032r......../_data/SETTINGS/certificate.p12 (No such file or directory)


I'm getting confused as to what's going on with this reference to "certificate.p12". Is it somehow related to an attempt a few days ago with this command below to create an export? (/etc/letsencrypt/live/.org is not a valid path on my server, I shouldn't have even run this command.) What in the heck have I done?

openssl pkcs12 -export -out certificate.p12 -inkey /etc/letsencrypt/live/.org/privkey.pem -in /etc/letsencrypt/live/.org/cert.pem -certfile /etc/letsencrypt/live/.org/chain.pem
 