Letsencrypt is working for port 443, but the port 9998 is not secured. How can I secure the port?
You’ll need to share more information. What webserver are you using? How did you issue the certificate initially?
global answer: If you want to use a certificate with a special port (port 5001, 8080 etc.), you have to do additional steps.
Sample: Your 443 port uses
SSLCertificateKeyFile /etc/ssl.key/example.com.key SSLCertificateFile /etc/ssl.crt/example.com.crt
Then your port 9998 can use the same configuration -> a restart is required, if the 9998-server uses another binary.
I am using AWS EC2 & Route 53. I used Let’s Encrypt following
https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx, with sudo certbot --nginx.
Hope this helps.
Can I be more clear on that? I can get that 9998 port can use the same configuration like 443 but can it use the same certificate key and file? If I cannot, how can I issue a different certificate for the port?
listen 443 ssl; listen 9998 ssl; SSLCertificateKeyFile /etc/ssl.key/example.com.key SSLCertificateFile /etc/ssl.crt/example.com.crt
Hope this question is valid.
Please share your configuration you have used to create the port 443 - certificate.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
New to encryption so I tried to generalize it. The configuration didn’t work so I am going to work around with proxy and a domain, which worked.