Hi. I’m trying to use Caddy. But my Plesk Webservers already take the http/https ports. Now, how can I use my Plesk Onyx installation + the letsencrypt cert from plesk from a subdomain automatically generated there already? I need the configuration of Caddy and Plesk Onyx Nginx vhost config file.
Or, is it possible for me to run everything on an own port? Because trying to do so gives me this error:
Oct 16 19:21:20 baby rocketchat-server.rocketchat-caddy[7297]: Activating privacy features…2017/10/16 19:21:20 [mydomain.tld] failed to get certificate: [mydomain.tld] error presenting token: Could not start HTTPS server for challenge → listen tcp :443: bind: address already in use
Running two web servers with certificate management is a complicated setup I would avoid attempting without a definite requirement to do so. Plesk uses Apache, so I’d recommend simply adding a vhost to proxy the required traffic. Then you can let Plesk handle the certificate and have your backend available via standard web traffic ports.
If your intent is specifically to have Caddy publicly available on port 9000, with HTTPS, you can tell it to load the certificates already requisitioned by Plesk with the directive tls [cert] [key], where the latter two are the paths to the certificate and private key on the host file system.
Well, the letsencrypt extension uses a new filename after each renewal afaik. That makes using the tls directive kinda useless as I would have to update that file every time.
So there's no other way?
Also, my Plesk uses nginx before Apache.
Oh ok, I just re-read the post and now I noticed. So you mean using Plesk/nginx instead of Caddy? To where do I forward the SSL traffic then? Simply to port 3000? I think that won't work. I guess I have to have an SSL port running and then forward SSL traffic to that SSL port on an SSL subdomain?
There's also some page advising to use Docker instead, but I'm not familiar with Docker.
I thought Plesk used Apache for vhosts, which would imply that it’s doing SSL termination?
Oh well - basically you’ve got the gist of the idea, just run your backend locally and proxy to it over HTTP. Your clients have encrypted HTTPS to your Plesk-configured server, so they’re good.
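The proxy setup described in the reply above, sketched as an nginx location block (an added example, not part of the original thread). It assumes the backend listens on 127.0.0.1:3000 and that the block is placed inside the HTTPS server block Plesk generates for the subdomain.

```nginx
# Added example: TLS is terminated by the Plesk-managed nginx vhost,
# which already holds the Let's Encrypt certificate. Traffic to the
# backend is plain HTTP and never leaves the loopback interface.
#
# Assumption: the backend is bound to 127.0.0.1:3000. If it listens on
# 0.0.0.0:3000 instead, the unencrypted port is reachable from outside
# and should be blocked at the host firewall.
#
# nginx rejects a second "location /" in the same server block, so any
# existing one in the vhost has to be replaced rather than duplicated.
location / {
    proxy_pass http://127.0.0.1:3000;

    # WebSocket upgrade, needed by chat backends that keep a
    # long-lived connection open to the browser.
    proxy_http_version 1.1;
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Pass the original request details to the backend so that it
    # generates https:// links and logs the real client address.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```

With this in place the certificate renewal stays entirely with Plesk, so the changing certificate filename never has to be tracked by a second server.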
Hm, Plesk uses a mail server that only allows encryption. Rocket.Chat in return only allows encryption with a valid certificate. But … I don't have any valid certificate for my mail server for that domain. Can't Rocket.Chat send using sendmail or something? ;D