Letsencrypt auto renew + non standard ports

arvy · September 8, 2020, 9:00pm

Hello,

I’m using 2.15.0 on CentOS 8. Running fine. My certificate was generated by Letsencrypt.

As instructed in the .env file, in the first boot I may not change the HTTP port, needs to be 80.

Since I need to use 80/443 to another service, I’ve changed OV’s ports to 2080 and 2443. And will use in production in some days.

My question is: in 3 months, the certificate will be auto-renewed even I use 2080/2443 and 80/443 will be running another software? Or I need to do something manually?

Thank you.

cruizba · September 9, 2020, 8:10am

Probably not, you will need to have the location /.well-known/acme-challenge available in port 80 to make possible autorenews.

Best Regards,
Carlos

arvy · September 9, 2020, 12:15pm

Ok, in this case where is the root path that OV will inform to certbot?
So I can “ln -s” in the other software listening in the port 80.

cruizba · September 9, 2020, 12:43pm

The certificates used by OpenVidu are in /opt/openvidu/certificates/live/<your_domain>.
Maybe you can change certbot configuration to point to this directory for autorenew or this ln -s is just enough to make it works, I’m not sure.

But this is not our recommended way to deploy.

I hope this helps,
Regards,
Carlos

arvy · September 9, 2020, 1:07pm

Well, the “renew” files points to /var/www/certbot

[renewalparams]
webroot_path = /var/www/certbot,
[[webroot_map]]
mydomain = /var/www/certbot

But this path does not exists in the server, so, I believe it’s created only inside the docker container, right? So, the “ln -s” won’t work…

cruizba · September 9, 2020, 1:22pm

The renewal config file of the nginx container is in /opt/openvidu/certificates/renewal/<your-domain-name>.conf

cruizba · September 9, 2020, 1:25pm

You can also share the volume /var/www/certbot by modifying the file /opt/openvidu/docker-compose.yml at the nginx service:

nginx:
        image: openvidu/openvidu-proxy:3.0.0
        restart: on-failure
        network_mode: host
        volumes:
            - ./certificates:/etc/letsencrypt
            - ./owncert:/owncert
            - ${OPENVIDU_RECORDING_CUSTOM_LAYOUT}:/opt/openvidu/custom-layout
            - /var/www/certbot:/var/www/certbot      <---- THIS LINE

But we can’t ensure this will work because it is an environment we did not test

Hope this helps,
Best regards,
Carlos

arvy · September 9, 2020, 1:44pm

Hi Carlos, good idea about the nginx line. I’ll try.

Thanks!

Topic		Replies	Views
How to regenerate SSL certificate Issues with deployment v2	25	4241	December 20, 2022
LetsEncrypt support for multiple domains using DOMAIN_OR_PUBLIC_IP Issues with deployment v2	7	831	October 29, 2020
Updating own ssl certificate Issues with deployment v2	3	1017	February 12, 2022
Openvidu stopped working after letsencrypt dry-run(renew) Issues with deployment v2	1	368	October 12, 2020
Migrating to 2.13 in a multi website hosting server Issues with deployment v2	0	251	May 4, 2020

Letsencrypt auto renew + non standard ports

Related topics