Get SSL certificate while using different external ports


I can not successfully setup SSL certificate using the letsencrypt tool (provided in my case with the NextCloudPi installation on a RaspberryPi). Are there alternatives to using letsencrypt? And how can I use them in the situation described below?


Within my home network, I have several RaspberryPi-Servers (currently, 18 devices). One of them, let’s call it RPi1, I use for our private home NextCloud service. I seamlessly setup an SSL certificate using the letsencrypt tool provided by the installation image.

Now, I want to use another server, RPi2, as a NextCloud server from within the same home network. From the internet, I registered a new NoIp domain name which results in the identical same IP address of my home router. So, the only way to tell which domain name is being targeted by a user is by using a different port number. My home router provides a port forwarding feature. As ports 443 and 80 are already used to lead incoming packages through to port 443 and 80 on my RPi1, I now have to choose different ports on the internet side. For example, I use port 64471 to be led through to port 80 and port 64472 to be led through to port 443 of my new RPi2.

Communication from the internet already works fine concerning RPi2, so that I am now able to use the NextCloud installation on my RPi2 machine. BUT: letsencrypt fails as my internet ports 64471 for HTTP (80) and 64472 for HTTPS (443) do not match the standard ports atleast on the outside of my home network. When connecting from the internet to the service on my RPi2, I get the typical insecurity warning. Which I want to avoid.


Is there a way to tell letsencrypt to “ignore” or alternatively to “set” a non-matching incoming internet port for the SSL certificate to be generated correctly? Or are there maybe other tools which handle these port mismatches transparently?


Hmm I’m not sure – I thought one of the requirements was accessible server on port 80/443 or dns validation. I’m not sure if you can change ports.

Certificates are bound to domain names, not to IP numbers. Can’t you set up different domains or subdomains to your boxes? Maybe you need a reverse proxy to distribute the access.

Have you looked at this?