Thursday, August 24, 2023

Generating SSL Certificates for Websites on Non-Standard Ports

Ensuring secure communication is essential for websites, even if they are not published on the default ports 80 or 443. This guide demonstrates how to obtain SSL certificates using Certbot when your website is hosted on a non-standard port. We'll walk through the steps using a generalized URL and domain name for clarity.

Prerequisites

Before starting, make sure you have the following:
  • A server hosting your website that is accessible via a specific port.
  • Domain name and DNS management access for the domain.

Step 1: Install Certbot

Begin by installing Certbot using the following commands:

sudo dnf install epel-release -y
sudo dnf install certbot -y

Step 2: Generate SSL Certificate


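Generate an SSL certificate using Certbot's manual mode with the DNS challenge. The DNS challenge proves control of the domain through a DNS record, so the certificate authority does not need to reach your server on port 80 or 443. Replace your.domain.com with your actual domain name.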

sudo certbot --manual --preferred-challenges dns certonly -d your.domain.com

Follow the prompts provided by Certbot. You'll be asked to add a specific DNS TXT record to your DNS configuration to prove domain ownership.

Step 3: Certificate Location


Upon successful completion, Certbot will provide a confirmation message and indicate the location where the certificate and key files are stored. These files will be required for your web server's SSL configuration:

Certificate is saved at: /etc/letsencrypt/live/your.domain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/your.domain.com/privkey.pem

Step 4: Next Steps


The certificate obtained is not set to automatically renew. To renew it, repeat the same Certbot command before the certificate's expiration date.

Remember, you'll need to configure your web server to use the obtained SSL certificate, or else replace the old certificate files with the new ones under the same names.
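Because this certificate will not renew on its own, a scheduled expiry check is worth having. The script below is an added example, not part of the original post: it assumes the openssl CLI is installed, uses the hypothetical name check-cert.sh, and takes 8443 as a placeholder for your site's port.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI is present.
# Run as root: /etc/letsencrypt/live is normally readable by root only.

# cert_status PEM [DAYS]: print OK, RENEW, EXPIRED, INVALID or MISSING.
# Exit status: 0 OK, 1 expires within DAYS (default 30), 2 expired, 3 unusable.
cert_status() {
    cs_pem=$1
    cs_days=${2:-30}
    [ -r "$cs_pem" ] || { echo MISSING; return 3; }
    # Reject files that do not parse as an X.509 certificate.
    openssl x509 -in "$cs_pem" -noout >/dev/null 2>&1 || { echo INVALID; return 3; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cs_pem" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo EXPIRED; return 2; }
    openssl x509 -in "$cs_pem" -noout -checkend $((cs_days * 86400)) >/dev/null 2>&1 \
        || { echo RENEW; return 1; }
    echo OK
}

# fingerprint_file PEM: SHA-256 fingerprint of the first certificate in PEM.
fingerprint_file() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# fingerprint_served HOST PORT: fingerprint of the leaf certificate the server
# presents on HOST:PORT (needs network access to the site).
fingerprint_served() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256
}

# Usage: ./check-cert.sh your.domain.com 8443
# (8443 is a placeholder for the site's non-standard port.)
if [ $# -eq 2 ]; then
    pem=/etc/letsencrypt/live/$1/fullchain.pem
    cert_status "$pem" 30 || echo "renew with the certbot command from Step 2" >&2
    # After replacing the files, confirm the server really serves the new cert.
    [ "$(fingerprint_file "$pem")" = "$(fingerprint_served "$1" "$2")" ] \
        || echo "server on port $2 is not serving $pem" >&2
fi
```

A fingerprint mismatch after renewal usually means the web server has not been reloaded or still points at the old files.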
