Use Lets Encrypt with other port than 443


Unfortunately I have already another Webserver (apache) running on port 80 and 443. What I now want to do, is to set up an SSL connection on port 8123 (or any other than 80 / 443). So far i haven’t figured out how to do that, besides using my other Webserver as proxy (for my current knowledge that’s way to complex and I don’t want to mess things up ;)). I really appreciate any help.


Reverse proxy is extremely easy.

If you use nginx, it also has a TCP / SSL proxy in there, too. You can use it to forward an SSL/TLS session carrying MQTT to mosquitto (or whatever broker) over plain TCP. Now, you can use the same certificate in nginx for the HTTPS reverse proxy as well as for the MQTT over SSL/TLS proxy.

I managed to setup reverse proxy now, but it does not work with ssl encryption.

When I want to create new certificates with certbot on my apache server, I always get the error message “Server only speaks HTTP, not TLS”.

Does anybody know what the problem here is?

EDIT: Maybe I need to add: My main apache webserver is behind another IP-Adress on my LAN (not on the same machine as my home assistant instance)

It won’t negotiate with a self-signed certificate AFAIK.
The first time you use certibot, you need to use http not https.

You likely have 8123 pointing to 443 on the Pi. Point 8123 to 8123.

On the router I have 8123 pointing to 8123 on IP-Address A (Pi with home assistant). And I have 443 and 80 pointing to 443 and 80 to IP-Address B (Pi with Apache Webserver and other stuff). The problem is that port 443 and 80 is already in use by my Apache Webserver

My goal is that all connection from outside to my local lan which are interacting with my home assistant server are encrypted: -> TLS/SSL -> Pi with Apache Webserver -> with or without TLS/SSL (possibly not necessary here) -> Pi with home assistant

I always prefer DNS challenge over HTTP challenge on certbot/letsencrypt

Did you get this to work on 8123? I have the same issue, I have a webserver running on 80 and an SSH server running on 443 (the only port I can use my SSH tunnel on at work). I would also like to connect 8123 (or any other port) back to Hass. I could remove the webserver (its only for testing), but I need the SSH tunnel at work.

Maybe you can use this: