Warning: Potential Security Risk Ahead

My site certainly appears secure using Certbot as https://gitxome.com and https://www.gitxome.com,
but I am still lost when it comes to configuring port :3000 so that http://gitxome.com:3000 is not https://. Can someone point me toward the solution?
thank you

1 Like

Install the cert manually on the software running on port 3000.

1 Like

To be precise, Certbot doesn't know how to edit web server configurations to configure HTTPS on any port other than 443. In order to do this, you have to edit the server configuration files yourself.

The historical/conceptual reason for this is that Certbot always creates HTTPS virtual hosts based on existing HTTP virtual hosts. However, the HTTPS and HTTP virtual hosts generally have to listen on different port numbers. There is a predictable mapping using the Internet standard port numbers to turn HTTP (80) into HTTPS (443), but if you're planning to use a different port number, Certbot doesn't know how to predict what it should be. Therefore, it can't do this for you automatically (even though it's a valid and achievable thing to do by editing your configuration with a text editor).

In theory this could be a feature request at Issues · certbot/certbot · GitHub (there could be an installer option for "httpsportnumber" or something), but I think the developers would find that there are too many ambiguities to make this work in a way that many users would be able to take advantage of.

Many of the issues that we see on this forum with Certbot's interactions with Apache configurations have to do with the "which virtual host?" family of problems. Certbot doesn't have a very effective and consistent way that a user could say "I want to create this particular virtual host based on this existing one" and similar choices. Most of the virtual host selection parts of Certbot are trying to make sensible guesses automatically, which has at times proven to be one of the trickiest parts of Certbot. Creating new additional options in this area could be useful, but also a significant design challenge to do in a way that would decrease users' confusion rather than increasing it. :slightly_smiling_face:

1 Like

Thanks for your reply, schoen!
What an insightful answer. I wish I had the confidence of a clearer understanding.

Tonight here is what I've done to try to make port :3000 get a "secure lock browser icon" ..

  1. Re-Read the generous answers from https://community.letsencrypt.org/u/JuergenAuer, https://community.letsencrypt.org/u/Osiris, and https://community.letsencrypt.org/u/schoen..
  2. Laughed a few times at the small, forward, progress I am making..
  3. Edited /etc/apache2/sites-available/gitxome.conf by adding:

<VirtualHost *:3000>
    ServerName gitxome.com
    # Send every request on port 3000 to the HTTPS site (the "*" and closing tag were lost in the post)
    RedirectMatch permanent ^/?(.*) https://www.gitxome.com/$1
</VirtualHost>

then restarted apache in ye Ubuntu Terminal with systemctl restart apache2

Then, somewhat fearful, I dared to re-visit certbot from the command terminal and retyped certbot --apache -yes, which merely must've re-read my conf file and did indeed ask me to choose either of the two options, gitxome and www.gitxome. I hit c to Cancel because ..
Now, (while I render a 3D Model) I must MAN-up and read about certbot again to see if I can detect the process.. Wush me Luke..
oh yeh, an #GitXome! (sorry I couldn't resist)..

Let's see port 3000..

1 Like

Thank you all for being patient.
I was in the wrong area.

Certbot's purpose was already complete.
It did its job of installing letsencrypt for ports 80 and 443.

Port 3000 as used by my React App has its own entirely separate conf needs!
I appreciate your help, again, again.

1 Like

same https:// port :3000, ~problem only different.
I do not know whether the React App can use the certbot cert or not?
Their Instructions use "openssl" (so I am lost).
In the React project root folder terminal, run:
openssl req -x509 -newkey rsa:2048 -keyout keytmp.pem -out cert.pem -days 365
Now run: openssl rsa -in keytmp.pem -out key.pem
This process asked for a passphrase and I got stumped so instead of just leaving it blank, I entered "hello".
I do not know if certbot has anything to do with that openssl command. I mean, I understand certbot does not say openssl.

At least the config file allows access to the https:// although certbot is not associated with that App Port.
Is there anyone out there who understands? I'm getting closer, but still a ways off.

1 Like

You can skip all the OpenSSL commands for generating a private key and certificate: certbot has already done that; you can use certbot's private key and cert.

Skip to the part where the key and cert generated by OpenSSL are actually used and follow the guide from there.

With regards to React, you should see certbot just as the key and certificate "generator". Unlike with webservers like Apache and nginx, certbot can't interact with React to install the certificate: that part is all up to you.

2 Likes

Indeed, Certbot is internally using the same OpenSSL code as the openssl req, openssl rsa, etc., commands (in the course of generating new keys and requesting a certificate from the certificate authority). But in a way that users never see at all. :slight_smile:

1 Like

Someone, somewhere, suggested making a copy of the cert.pem and key.pem into my react directory.
Well, I deleted the old cert.pem and replaced it with a copy of certbot's cert.pem. The not-present key.pem is probably called privkey.pem from certbot..? (I'm guessing). Uh, https:// still doesn't work for port 3000, but more importantly, am I understanding correctly that I can make a copy of the .pem files and somehow/magically they would be read by the browser?

1 Like

I don't really know anything about React, but it seems you may have to edit a .env file in order to tell React about the locations of the private key and certificate file on your server hard drive.

1 Like

Maybe I've been told already, but (did I say but?) 27 days have passed and I believe have almost got the answer.. I think..!

HTTPS=true SSL_CRT_FILE=cert.crt SSL_KEY_FILE=cert.key npm start

My one new question: letsencrypt generated 0000_key-certbot.pem files and 0000_csr-certbot.pem files, but did letsencrypt in fact generate a .csr file that I can direct SSL_CRT_FILE=cert.crt to? If so, where might one desiring novice programmer find the generated letsencrypt .csr file?

1 Like

Certbot (the new name of the Let's Encrypt client, as of 2016) puts these in /etc/letsencrypt/csr. If you want to look at a particular one's contents in a human-readable form, you can run

openssl req -text -noout -in

followed by the filename you want to examine.

Note that there is a discussion about potentially making Certbot not save older keys and CSR files in future releases.

2 Likes
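To tie the last two answers together (which files Certbot leaves behind, and which of them a React dev server should be handed), here is a small POSIX shell helper. It is an added example, not code from the thread or from the Certbot project. It assumes the standard Certbot directory layout under /etc/letsencrypt (live/<name>/ symlinks pointing into archive/<name>/, CSR copies under csr/), uses the hypothetical domain name example.test, and builds its demo tree from constructed placeholder PEM bodies rather than real keys or certificates:

```shell
#!/bin/sh
# Added example (not from the thread or from Certbot): figure out which
# Let's Encrypt files belong in SSL_CRT_FILE / SSL_KEY_FILE, and show why a
# CSR under /etc/letsencrypt/csr is not one of them.
# Assumed layout (matches Certbot's defaults):
#   <root>/live/<name>/{cert,chain,fullchain,privkey}.pem  -> symlinks into
#   <root>/archive/<name>/{cert,chain,fullchain,privkey}N.pem
#   <root>/csr/NNNN_csr-certbot.pem                         (signing requests)

# Classify a PEM file by its first "-----BEGIN ...-----" line.
# Prints: certificate | csr | private-key | unknown | unreadable
pem_kind() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    first=$(grep '^-----BEGIN ' "$1" | head -n 1)
    case "$first" in
        '-----BEGIN CERTIFICATE REQUEST-----') echo csr ;;
        '-----BEGIN CERTIFICATE-----')         echo certificate ;;
        '-----BEGIN PRIVATE KEY-----'|'-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
                                               echo private-key ;;
        *)                                     echo unknown ;;
    esac
}

# Number of certificates in a PEM bundle (fullchain.pem = leaf + intermediates).
cert_count() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1"
}

# Print the create-react-app environment line for one live/<name> directory.
# Point at live/, not archive/: renewal re-targets the live/ symlinks, so the
# env line stays valid across renewals. Fails if the files are not what the
# dev server expects (e.g. someone pointed it at the csr/ directory).
react_env() {
    live="$1"
    crt="$live/fullchain.pem"
    key="$live/privkey.pem"
    [ "$(pem_kind "$crt")" = certificate ] || { echo "not a certificate: $crt" >&2; return 1; }
    [ "$(pem_kind "$key")" = private-key ] || { echo "not a private key: $key" >&2; return 1; }
    # Certbot creates privkey*.pem mode 0600 for root; a world-readable key is a
    # sign somebody loosened permissions instead of fixing access properly.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "warning: $key is world-readable" >&2
    fi
    echo "HTTPS=true SSL_CRT_FILE=$crt SSL_KEY_FILE=$key"
}

# Build a throwaway tree in Certbot's layout. The PEM bodies are constructed
# placeholders (not real key material) so the example runs offline.
make_demo_tree() {
    root="$1"; name="example.test"
    mkdir -p "$root/archive/$name" "$root/live/$name" "$root/csr"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-PLACEHOLDER-LEAF' \
        '-----END CERTIFICATE-----' > "$root/archive/$name/cert1.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-PLACEHOLDER-INTERMEDIATE' \
        '-----END CERTIFICATE-----' > "$root/archive/$name/chain1.pem"
    cat "$root/archive/$name/cert1.pem" "$root/archive/$name/chain1.pem" \
        > "$root/archive/$name/fullchain1.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER-KEY' \
        '-----END PRIVATE KEY-----' > "$root/archive/$name/privkey1.pem"
    chmod 600 "$root/archive/$name/privkey1.pem"
    for f in cert chain fullchain privkey; do
        ln -s "../../archive/$name/${f}1.pem" "$root/live/$name/$f.pem"
    done
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'CONSTRUCTED-PLACEHOLDER-CSR' \
        '-----END CERTIFICATE REQUEST-----' > "$root/csr/0000_csr-certbot.pem"
}

# Stand-alone demo: build the tree, classify the CSR, print the env line.
demo_root=$(mktemp -d)
make_demo_tree "$demo_root"
echo "csr/0000_csr-certbot.pem is a: $(pem_kind "$demo_root/csr/0000_csr-certbot.pem")"
echo "fullchain.pem holds $(cert_count "$demo_root/live/example.test/fullchain.pem") certificates"
react_env "$demo_root/live/example.test"
rm -rf "$demo_root"
```

Two practical notes. First, the process running `npm start` must be able to read privkey.pem, which Certbot deliberately leaves readable by root only; the two tempting shortcuts (running the dev server as root, or copying the key into the project folder as an earlier post describes) both widen exposure of the key, and a copy inside the project tree is one careless commit away from a public repository. Second, the create-react-app dev server is a development tool; for a public port the usual arrangement is a reverse proxy such as the Apache instance Certbot already configured, with the React app reachable only behind it.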

hmmm, yikes.

within the /etc/letsencrypt directory are the .pem files, and I did run openssl req -text -noout -in 0005_csr-certbot.pem and it gave me some output similar to cat 0005_csr-certbot.pem, but not-the-same.

It's all quite amusing and gives me great joyful laughter.

But I still don't really understand how I can direct my REACT Environment variables PATH to SSL_CRT_FILE=cert.crt, since the contents within the csr dir are .pem files.

It's deeply rad (old word) that Signature Algorithm rsaEncryption RSA Public-Key is 2048 bit, and the "Modulus" coughs up the Exponent Attributes (none of which can I clearly comprehend) ~but I am thoroughly intrigued by and laughingly out-loud amused how smart you's guys are to make this stuff work!!.. (I mean, I walk around barefoot about town, just to pull away from my 1995 Microsoft saturated knowledge sponge accumulator, that and all the 17 blah blah).

Letsencrypt Certbot has been the highlight of this day, January 18th 2021, for-sure!

My environment variables could be HTTPS://www.GitXome.com:3000 good-naturedly if I knew'd where I could point the PATH for .csr, to.. hmmm (wonders to self)..

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.