Certificate okay for 443, but no longer for other ports


#1

My domain is: zacksmohawk.com

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.2 LTS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

Previously, my certificate worked for all ports on this domain, but it appears that it only renewed for port 443, and not any of the other ports - says that the certificate expired in Jan 2018 (yes, been a while since I’ve needed to use these ports again).

I thought all ports would point at the same certificate on my server, so how can one be valid and one expired?

Any advice on how to fix this?


#2

What other ports are you using it on? What protocol? Still HTTPS or something else like a mailserver?


#3

Still HTTPS, but just arbitrary ports like 8102, etc.


#4

Well, based on the response from port 8102, I would guess the problem is this:

When Certbot renews certificates, it generally reloads the web server (that it knows about it), to force the web server to read the new certificate and begin using it. In your case, it reloads Apache.

The Node.js server you have on :8102 isn’t fronted by Apache, and Certbot doesn’t know it exists. So, even though the certificate was renewed, nobody restarted the Node.js server in order to reload the certificate.

Generally I find that the best production setup is to have Apache (or any web server) to handle SSL for all of your applications, and act as a reverse proxy to them (using mod_proxy). That way, only Apache needs to know about your certificate, and Node.js doesn’t need to know anything about HTTPS.


#5

Thanks so much for the help. I appreciate it :slight_smile:


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.