How can I access content that is running on a port via HTTPS?

#1

I’ve successfully installed an HTTPS cert on my server using certbot. I can access my website over HTTPS.

I’d also like to access content running on ports of my server via https://…:portnumber.

However, currently I’m shown an ERR_SSL_PROTOCOL_ERROR error. I am able to see the content at http://…:portnumber.

Is it possible to access the content running on the port via the https site?

I’d really appreciate any solutions to this question.

#2

Hi @beginnerencryption

If your webserver port 443 works, then you have a vHost. That vHost uses the certificate:

Something like

    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"

Your non-standard port may have a second vHost.

Use the same definitions you can find in your standard vHost.

PS: There is a standard template in #help


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

#3

What does using the same definitions you can find in your standard vHost mean?

I’ve tried adding a secondary file in the /etc/apache2/sites-available directory which Listens on the portnumber, but haven’t had any luck with this so far.

I did this by creating a new .conf file with the contents:

    Listen 510

    <VirtualHost *:510>;

and called this file 000-510.conf. From there I ran sudo a2ensite * followed by service apache2 reload

#4

That VirtualHost block needs to contain a configuration for the virtual host, not just a semicolon (the semicolon also isn’t correct Apache configuration syntax). It would contain other directives related to how to find the content to serve, normally based on the contents of other virtual host configurations on your system. And it would end with a </VirtualHost> line.
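A complete version of the file from post #3, written along the lines posts #2 and #4 describe (an added example, not part of the original thread). The server name, document root and Certbot-style certificate paths are assumptions; copy the real values from the vHost that already works on port 443.

```apache
# 000-510.conf (file name taken from post #3)

# Before, as posted: the block has no directives, is never closed,
# and ends in a semicolon that is not Apache syntax.
#   Listen 510
#   <VirtualHost *:510>;

# After: Apache assumes plain HTTP on every port except 443, so the
# protocol is stated explicitly for the non-standard port.
Listen 510 https

<VirtualHost *:510>
    # Assumed name; it must be one of the names on the certificate.
    ServerName www.example.com

    # Assumed location of the content to serve on this port.
    DocumentRoot /var/www/port510

    # Same TLS definitions as the port-443 vHost. mod_ssl is already
    # loaded if HTTPS works on 443.
    SSLEngine on
    # Assumed paths in the layout Certbot uses; reuse the ones from
    # the existing vHost.
    SSLCertificateFile    /etc/letsencrypt/live/www.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
</VirtualHost>
```

Running `sudo apachectl configtest` before the reload checks the file for syntax errors.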

#5

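openssl is your friend. Here’s a 10 cent program to get the specifics of the cert:

    [robert@firefox bin]$ cat getcert.bash
    #!/bin/bash
    # Usage: getcert.bash host [port]; the port defaults to 443
    host=$1 port=${2:-443}
    # Fetch the certificate the server presents and print it in text form
    openssl s_client -showcerts -connect "$host:$port" < /dev/null | openssl x509 -text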

Just type in getcert.bash sitename. You’ll get the details of the certs and such. Now you can be sure it’s really working and really has the right certificate. There’s nothing like thinking everything is set up the way you think it is and it’s not. Always make sure. It’ll save a lot of time.

If you want to connect to a port that is running ssl,

    openssl s_client -connect hostname:443

Lots of web pages to show how to use openssl.