I'm running a Debian box that I use as a web server with Apache but also as a VPN server with OpenVPN.
Since both of these applications use port 443, I'm using the port-redirect option of OpenVPN, which allows all traffic that is not linked to OpenVPN to be redirected to another port instead.
So I'm running my TLS website on port 4443 instead of 443.
Because of this, the automatic renewal of the certificate by certbot fails, because it only works on port 443.
So every 90 days, when certbot's system timer task kicks in and wants to do a renewal, it fails and also crashes my Apache server at the same time.
Then I have to manually stop OpenVPN, set the Apache ports back to 443, do the renewal, put the ports back to 4443 and start OpenVPN again.
Do you guys know if there is a way to solve this problem?
One more thing: how does OpenVPN redirect HTTPS traffic? Is this transparent to the client, i.e. does it act like a proxy? Then, if OpenVPN already detects and redirects HTTPS traffic, I don't see any problem here.
Well, you wrote that your web server runs on HTTPS only.
One hint: instead of stopping your VPN and reconfiguring Apache every week, you could use pre- and post-validation hooks. This way, your configuration would only change temporarily if a certificate renewal is due.
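To make the hook suggestion concrete, here is an added example script (not from this thread, nor from the certbot or OpenVPN projects) that performs the port swap only for the duration of a renewal. It assumes Debian systemd units named apache2 and openvpn@server and the Apache config paths given in the comments, and is meant to be installed under an absolute path such as /usr/local/sbin/le-hooks.sh.

```shell
#!/bin/sh
# Added example, not from the thread: a certbot pre/post-hook script that frees
# port 443 only while a renewal runs. Assumed (adjust to your box): Debian with
# systemd units "openvpn@server" and "apache2", Apache on 4443 configured in
# /etc/apache2/ports.conf and /etc/apache2/sites-enabled/default-ssl.conf.
set -eu

APACHE_FILES="${APACHE_FILES:-/etc/apache2/ports.conf /etc/apache2/sites-enabled/default-ssl.conf}"

# swap_port FILE FROM TO: rewrite "Listen FROM" (optionally "addr:FROM") and
# "<VirtualHost addr:FROM>" to TO. Matches whole ports only, so 443 and 4443
# never collide. Written back through a temp file so ownership/mode are kept.
swap_port() {
    file="$1"; from="$2"; to="$3"
    sed -E \
        -e "s/^([[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?)${from}([[:space:]]|$)/\1${to}\3/" \
        -e "s/(<VirtualHost[[:space:]]+[^>[:space:]]*:)${from}>/\1${to}>/" \
        "$file" > "$file.tmp" && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# count_listen FILE PORT: number of "Listen PORT" lines (used to verify edits).
count_listen() {
    grep -cE "^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?$2([[:space:]]|$)" "$1" || true
}

# Pre-hook: certbot only runs it when a renewal is actually due.
pre_hook() {
    systemctl stop openvpn@server              # release port 443
    for f in $APACHE_FILES; do swap_port "$f" 4443 443; done
    systemctl reload apache2                   # Apache now answers on 443
}

# Post-hook: certbot runs it once after the renewal attempts, whether or not
# they succeeded, so the normal 4443 + OpenVPN layout is always restored.
post_hook() {
    for f in $APACHE_FILES; do swap_port "$f" 443 4443; done
    systemctl reload apache2
    systemctl start openvpn@server
}

case "${1:-}" in
    pre)   pre_hook ;;
    post)  post_hook ;;
    renew) certbot renew --pre-hook "$0 pre" --post-hook "$0 post" ;;
esac
```

Point the timer (or cron job) at `le-hooks.sh renew` instead of a bare `certbot renew`, or add the two hook options to /etc/letsencrypt/cli.ini so the stock timer picks them up.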