Nginx – Certbot (LetsEncrypt) on custom port (Nginx OR apache)

Tags: certbot, lets-encrypt, nginx, ssl

I've found many similar questions, people asking how to set up SSL on ports other than 80/443, e.g. port 1234.
However, all the answers were along the lines of: use redirection, or proxy the requests, or use DNS validation (instead of HTTP), or use some alternative approach. Nowhere can you find even a single answer in the StackExchange manner, I mean a step-by-step guide for a newbie on how to do that.

However, note that redirection is not a solution, because on 80/443 a person might have a regular website, but on port 1234 a completely different app. So simply "redirecting" from 1234 to 80 will mess up the sites, right?

Best Answer

It's perfectly fine to have Nginx on port 80 merely for the HTTP-01 challenge and then use the certificates it obtains in other web applications, or even in different server software altogether. It doesn't need to perform any reverse proxying in order to serve http://example.com/.well-known/acme-challenge/, e.g.

server {
    listen 80;
    server_name example.com;

    # Serve only the ACME challenge tokens that Certbot writes into this webroot
    location /.well-known/acme-challenge/ {
        alias /var/www/letsencrypt/.well-known/acme-challenge/;
    }
    # Everything else on port 80 is refused; the real app lives on its own port
    location / {
        return 404;
    }
}

Furthermore, you don't necessarily need a web server listening on port 80 at all, as Certbot can use its own built-in web server for handling the challenges:

sudo certbot certonly --standalone --preferred-challenges http -d example.com
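As an added example (not part of the original answer), the complete flow that the answer sketches: probe that the port-80 challenge path is actually served, obtain the certificate in webroot mode, then reuse it in a TLS server block on the custom port. It assumes the answer's port-80 server block is already installed, Debian-style nginx paths, curl available, and an app document root of /var/www/myapp (hypothetical).

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the port-80 server block
# from the answer is already installed, Debian-style nginx paths, and that
# the separate app's static files live in /var/www/myapp (hypothetical).
set -eu

WEBROOT=/var/www/letsencrypt          # matches the alias in the :80 block

# Render a TLS server block for the app on a custom port, reusing the
# certificate that Certbot obtained through the :80 challenge block.
render_app_server() {                 # args: domain port
  live="/etc/letsencrypt/live/$1"
  cat <<EOF
server {
    listen $2 ssl;
    server_name $1;
    ssl_certificate     $live/fullchain.pem;
    ssl_certificate_key $live/privkey.pem;
    location / {
        root /var/www/myapp;
    }
}
EOF
}

# Before asking Let's Encrypt, confirm nginx really serves the webroot on :80
# for this host; a wrong alias is the usual cause of a failed HTTP-01 check.
verify_challenge_path() {             # args: domain
  token="probe-$$"
  mkdir -p "$WEBROOT/.well-known/acme-challenge"
  echo ok > "$WEBROOT/.well-known/acme-challenge/$token"
  got=$(curl -fsS "http://$1/.well-known/acme-challenge/$token") || got=""
  rm -f "$WEBROOT/.well-known/acme-challenge/$token"
  [ "$got" = ok ]
}

main() {                              # usage: sh setup.sh apply example.com 1234
  verify_challenge_path "$1"
  # Webroot mode: Certbot drops the token into $WEBROOT and nginx serves it on :80.
  certbot certonly --webroot -w "$WEBROOT" -d "$1" \
    --deploy-hook "systemctl reload nginx"   # pick up renewed certs on the app port
  render_app_server "$1" "$2" > "/etc/nginx/sites-enabled/$1-$2.conf"
  nginx -t
  systemctl reload nginx
}

if [ "${1:-}" = apply ]; then main "${2:-example.com}" "${3:-1234}"; fi
```

Nothing is changed until the script is invoked with `apply`; the renderer alone can be sourced to inspect the generated server block.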