Problem with Let's Encrypt and ports

Hello,

I have a problem when I create a subdomain. I don’t have problems creating subdomains like:

subdomain.domain.com

Then I create the certificate without problems, but if I install some service, such as xmpp, that uses the ports:

Ports: 5222/TCP (Client to server), 5269/TCP (Server to server), 5223/TCP (SSL)

If I try to gain access:

https://subdominio.dominio.com:5222

The browser returns the error:

SSL_ERROR_RX_RECORD_TOO_LONG

I don’t know if I have the problem in the configuration of nginx or in Let’s Encrypt.


Hi @bichomen

please share your domain name.

That error says: There is http content, not https.

So

http://subdominio.dominio.com:5222

should send a correct http answer.


If I go to:

http://subdominio.dominio.com:5222

It returns a: ERR_CONNECTION_TIMED_OUT


This problem must be either a firewall (including port forwarding or blocking) or a problem with the configuration of the service listening on that port. As @JuergenAuer pointed out, the SSL_ERROR_RX_RECORD_TOO_LONG is basically always a case of trying to access an HTTP service via HTTPS (so the service has been misconfigured without TLS), while ERR_CONNECTION_TIMED_OUT is most often a firewall-related problem.

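Why a plaintext reply shows up as SSL_ERROR_RX_RECORD_TOO_LONG, as an added example that is not part of the original thread: a TLS client reads the first five bytes of whatever the server sends as a record header, so ASCII text turns into an oversized length field. The sample replies and function names are constructed for illustration; the limit used is the TLS 1.2 maximum record length from RFC 5246.

```python
import struct

# RFC 5246, section 6.2.3: a TLS 1.2 record carries at most 2^14 + 2048 bytes.
MAX_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed sample replies to a TLS ClientHello (not captured traffic).
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
XMPP_REPLY = b"<?xml version='1.0'?><stream:stream xmlns='jabber:client'>"
TLS_ALERT = bytes([21, 3, 3, 0, 2, 2, 40])  # fatal handshake_failure alert


def read_record_header(reply):
    """Parse the first 5 bytes as a TLS client does: type, version, length."""
    if len(reply) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", reply[:5])
    return ctype, (major, minor), length


def classify_reply(reply):
    """Name the kind of service that produced this reply."""
    ctype, (major, _minor), length = read_record_header(reply)
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        return "tls"
    if reply.startswith(b"HTTP/"):
        return "plaintext-http"
    if reply.startswith((b"<?xml", b"<stream:")):
        return "plaintext-xmpp"
    return "plaintext-unknown"


def diagnose(reply):
    """Explain what a TLS client sees in this reply."""
    kind = classify_reply(reply)
    _ctype, _version, length = read_record_header(reply)
    if kind == "tls":
        return "tls: valid record header, length %d" % length
    verdict = "too long" if length > MAX_RECORD_LEN else "within limit"
    return "%s: bytes %r read as record length %d (%s)" % (
        kind, reply[3:5], length, verdict)


if __name__ == "__main__":
    for sample in (HTTP_REPLY, XMPP_REPLY, TLS_ALERT):
        print(diagnose(sample))
```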

Ok, I know this.

So the problem is in the web server configuration?
Don’t I have to create a certificate for https://subdomain.domain.com:5222? If I have a certificate for https://subdomain.domain.com even if I redirect to http://subdomain.domain.com:5222, will it work?

No, certificates are for DNS labels, not for URLs–the port is irrelevant, as is the protocol (the same cert can be used for HTTPS, LDAPS, IMAPS, etc.). As long as the name matches and the CA is trusted, the cert is fine.

Correct.


Thanks, now I know what to focus on.
