How to get a Let's Encrypt certificate without ports 80 and 443

Follow these instructions and you will succeed.
You must already have a registered domain that points to your server's IP address.

  • installing certbot

cd /root
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --install-only

  • adding a domain (for example, myflussonic.domain)

./certbot-auto certonly --manual --preferred-challenges dns -d myflussonic.domain

  • next, it will ask whether you agree to your IP address being logged

Are you OK with your IP being logged?

  • press Y

(Y)es/(N)o: Y

  • next it will ask you to create a TXT record for your domain

Please deploy a DNS TXT record under the name
_acme-challenge.myflussonic.domain with the following value:

Don’t press ENTER!

  • go to your domain settings and create a TXT record with the specified value

name: _acme-challenge.myflussonic.domain
type: txt
rdata: lJC_SOME_TEXT_TolcA

You need to wait some time for the record to propagate. You can check this with the command

host -t txt _acme-challenge.myflussonic.domain.

The answer will be

_acme-challenge.myflussonic.domain descriptive text "lJC_SOME_TEXT_TolcA"

  • when the data is updated press ENTER

Waiting for verification…
Cleaning up challenges

  • Congratulations!
  • now we need to put the certificates in the right place. We will use symlinks, because the certificate will be renewed automatically by cron and you will not need to copy it again

cd /etc/flussonic
mv flussonic.key flussonic.key.origin
ln -s /etc/letsencrypt/live/myflussonic.domain/cert.pem /etc/flussonic/flussonic.crt
ln -s /etc/letsencrypt/live/myflussonic.domain/privkey.pem /etc/flussonic/flussonic.key
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt -O /etc/flussonic/flussonic-ca.crt

  • now you can specify the SSL port in the Flussonic settings and restart the service

service flussonic restart

  • add a cron task to automatically update the certificate (the line below has a user field, so it belongs in /etc/crontab or a file under /etc/cron.d)

0 0 * * 1 root /root/certbot-auto renew > /dev/null 2>&1

Flussonic should now be accessible by its domain name on a non-standard SSL port.
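
For the step above where you wait for the TXT record to appear, the check with host can be automated so that you press ENTER only once the expected value is really published. This script is an added example, not part of the original instructions; the function names, the TRIES and DELAY variables and their defaults are assumptions.

```shell
#!/bin/sh
# Added example (not from the original instructions): wait for the ACME
# challenge TXT record before pressing ENTER in certbot.
# Function names, TRIES and DELAY are assumptions made for this example.

# Read `host -t txt` output on stdin; print each TXT value, unquoted.
txt_values() {
    sed -n 's/.* descriptive text "\(.*\)"$/\1/p'
}

# $1 = host output, $2 = expected value.
# Exact match only, so a stale value left from an earlier attempt
# or a partially matching string does not count.
txt_has_token() {
    printf '%s\n' "$1" | txt_values | grep -Fxq -- "$2"
}

# wait_for_txt NAME VALUE [SERVER]
# SERVER is optional: pass one of the domain's authoritative name servers
# to avoid a cached "not found" answer from the local resolver.
wait_for_txt() {
    name=$1; token=$2; server=${3:-}
    tries=${TRIES:-30}; delay=${DELAY:-20}
    i=0
    while [ "$i" -lt "$tries" ]; do
        out=$(host -t txt "$name" ${server:+"$server"} 2>/dev/null) || out=
        if txt_has_token "$out" "$token"; then
            echo "TXT record is visible: you can press ENTER in certbot"
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    echo "TXT record for $name is still not visible" >&2
    return 1
}

# Usage: sh wait_txt.sh _acme-challenge.myflussonic.domain. lJC_SOME_TEXT_TolcA
if [ "$#" -ge 2 ]; then
    wait_for_txt "$@"
fi
```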