Certificate to port number ( :*)

My domain is wojciechxtx.com. It's secured with SSL from LE and all is OK.
Thing is: we have many services that are accessed internally only and that use the main domain:port (like bug-tracking software, webmin and alike).

If we go to the service login page, it's secured, but once logged in, we are not secured.

Can LE also secure ports, not only the main domain?

Cert has nothing to do with ports. You can use the same certificate on any port, but you need to configure the server program running on this port to use it (or pass the traffic through the webserver as a proxy and do the SSL termination there; for me personally, subdomains seem like a more elegant solution than adding ports in URLs, but there is nothing wrong with it either). IIRC for webmin you can log in and add the certificate file somewhere in the configuration. You can use the same certificate that you generated for the main website, if the domain is the same. Just remember you probably also need to restart/reload these additional services after doing cert renewals.


Certificate bindings are performed by the listening service and a service can listen on all interfaces (IP addresses) or specific ones, and a specific port. So for instance you can listen on port 443 on 192.168.1.55 and have a certificate binding for that, but you can also listen on port 44 on 127.0.0.2 and have a different certificate binding there too. So it's the combination of IP+port. Where it gets tricky (and a little platform specific) is listening on all interfaces (ip 0.0.0.0).

Services can additionally use SNI (Server Name Indication) to dynamically select the certificate that best matches the hostname being requested. This is how webservers present the correct cert when hosting multiple websites.

What you can't really do is have different competing services listening on the same IP+port. What you can do though is proxy from one service (e.g. nginx, caddy etc) back to a bunch of other services running on other ports. This might be what you want if all these things are running on one server, if they are all different servers then just let each server manage its own certificates.

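As an added example (not from either reply above), one way to put both answers into practice: nginx terminates TLS with the single LE certificate and proxies to the internal services, one listener per IP+port, with a subdomain served via SNI on 443 alongside the "domain:port" layout from the question. The certificate paths are certbot's defaults; the backend ports 8080 and 10000, the subdomain webmin.wojciechxtx.com and the assumption that both back ends speak plain HTTP on loopback are mine, not the thread's.

```nginx
# Added example, not from the thread. Drop this file into conf.d/ so it is
# included inside the http {} context.
# Assumptions: certbot's default cert paths; bug tracker on 127.0.0.1:8080
# and webmin on 127.0.0.1:10000, both plain HTTP, reachable only from loopback.

# One certificate, bound on every TLS listener below (same domain, so it is
# valid for all of them as long as the names are covered by the cert).
ssl_certificate     /etc/letsencrypt/live/wojciechxtx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wojciechxtx.com/privkey.pem;
ssl_protocols       TLSv1.2 TLSv1.3;

# Variant A: the "main domain:port" layout from the question.
# Binding to a specific IP (not 0.0.0.0) keeps the internal service off the
# public interface; the binding is the IP+port pair, as the second reply says.
server {
    listen 192.168.1.55:8443 ssl;          # internal interface only (assumed IP)
    server_name wojciechxtx.com;

    location / {
        proxy_pass http://127.0.0.1:8080;  # bug tracker, assumed port
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        # Tells the app it is behind TLS so the links it generates after
        # login stay https:// instead of dropping back to http://.
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Variant B: subdomain on the normal port 443, selected by SNI.
# Requires the certificate to also cover webmin.wojciechxtx.com (e.g. as a
# SAN or via a wildcard), otherwise the browser will warn on the name mismatch.
server {
    listen 443 ssl;
    server_name webmin.wojciechxtx.com;

    location / {
        proxy_pass http://127.0.0.1:10000; # webmin, assumed port and plain HTTP
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Renewal: nginx reads the cert only at (re)load, so reload it after certbot
# renews, e.g. with a script in /etc/letsencrypt/renewal-hooks/deploy/ that
# runs "systemctl reload nginx". Services that load the cert themselves
# (instead of sitting behind this proxy) need their own reload hook.
```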
