My Let’sEncrypt certificate works excellent on my webserver! However, it only works for port 80 and I would like to include port 7443 and some others, for my emailserver. When using Chrome browser, I cannot access a webpage controlled by the mailserver via port 7443, as my mailserver uses a self-signed certificate, which Chrome “doesn’t like”. How do I setup Let’s Encrypt on my linux server running apache (Linux CentOS 8.1) to be valid also for other ports, like 7443?
My web server is (include version):
Apache
The operating system my web server runs on is (include version):
CentOS 8.1
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
You check what are the certificate, chain and key files in the working apache configuration.
Then, you use those files in the other services configuration files. Do not forget notifying the extra services to reload the new certificate/key when the certificate renewed in the apache server.
Thanks for the quick reply! I start checking out the certificate settings for the emailserver (where this is done and how) and then I’ll copy in the existing apache details. Reloading the certificate/key in the mailserver when the apache server certificate is renewed, is a bit problematic. Would be nice if the Let’sEncrypt renewal process does include an automatical reloading of the cerificate for other services too, as manual actions sooner or later will be forgotten Is there a way to get this done automatically?
The process of reloading extra services depends on the ACME client. Some automatically has a kind of post renewal execution hook. Even if it does not have, you may run the ACME client inside a wrapper script. At the end of the script you check is the certificate recently renewed, and if yes, than reload the extra service(s).
Thanks again! My CentOS 8 linux server uses certbot-auto and I think there is some post-renewal-execution-hook function in this command. I’ll look into this. Thanks for your quick and adequate help!
I have cron process running twice a day:
/usr/local/bin/certbot-auto renew >/dev/null 2>&1 --renew-hook “systemctl restart httpd.service”
This works just fine!
Can I just add two more renew-hook options, like below:
/usr/local/bin/certbot-auto renew >/dev/null 2>&1 --renew-hook “systemctl restart httpd.service” --renew-hook “/usr/local/surgemail/surgemail_stop.sh” --renew-hook “/usr/local/surgemail/surgemail_start.sh”
, which stops and restart my mailserver? Or what is the syntax for having multiple hooks?
That is, if you use it when requesting your certificate on the command line, it will be saved automatically in /etc/letsencrypt/renewal, and then the simple certbot-auto renew command will use the remembered hook command(s) when necessary.