Use Lets Encrypt with other port than 443

Lukas_m · November 23, 2017, 7:23pm

Hello

Unfortunately I have already another Webserver (apache) running on port 80 and 443. What I now want to do, is to set up an SSL connection on port 8123 (or any other than 80 / 443). So far i haven’t figured out how to do that, besides using my other Webserver as proxy (for my current knowledge that’s way to complex and I don’t want to mess things up ;)). I really appreciate any help.

Thanks

flamingm0e · November 23, 2017, 7:34pm

Reverse proxy is extremely easy.

tmjpugh · November 24, 2017, 3:48am

lmamakos · November 24, 2017, 6:27am

If you use nginx, it also has a TCP / SSL proxy in there, too. You can use it to forward an SSL/TLS session carrying MQTT to mosquitto (or whatever broker) over plain TCP. Now, you can use the same certificate in nginx for the HTTPS reverse proxy as well as for the MQTT over SSL/TLS proxy.

Lukas_m · November 26, 2017, 11:23am

I managed to setup reverse proxy now, but it does not work with ssl encryption.

When I want to create new certificates with certbot on my apache server, I always get the error message “Server only speaks HTTP, not TLS”.

Does anybody know what the problem here is?

EDIT: Maybe I need to add: My main apache webserver is behind another IP-Adress on my LAN (not on the same machine as my home assistant instance)

fanuch · November 26, 2017, 12:28pm

It won’t negotiate with a self-signed certificate AFAIK.
The first time you use certibot, you need to use http not https.

You likely have 8123 pointing to 443 on the Pi. Point 8123 to 8123.

Lukas_m · November 26, 2017, 1:08pm

On the router I have 8123 pointing to 8123 on IP-Address A (Pi with home assistant). And I have 443 and 80 pointing to 443 and 80 to IP-Address B (Pi with Apache Webserver and other stuff). The problem is that port 443 and 80 is already in use by my Apache Webserver

My goal is that all connection from outside to my local lan which are interacting with my home assistant server are encrypted:
https://my-adress-to-homeassistant.net -> TLS/SSL -> Pi with Apache Webserver -> with or without TLS/SSL (possibly not necessary here) -> Pi with home assistant

flamingm0e · November 26, 2017, 2:10pm

I always prefer DNS challenge over HTTP challenge on certbot/letsencrypt

Nimdy · January 2, 2018, 8:44am

Did you get this to work on 8123? I have the same issue, I have a webserver running on 80 and an SSH server running on 443 (the only port I can use my SSH tunnel on at work). I would also like to connect 8123 (or any other port) back to Hass. I could remove the webserver (its only for testing), but I need the SSH tunnel at work.

sjee · January 6, 2018, 9:00am

Maybe you can use this:

https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt