Bind SSL to Custom Port in Apache

Sean Bradley
2 min readDec 23, 2020

You may already know how to bind SSL to port 443 on your apache webserver in Ubuntu 20.04,

But in case you don’t know, here is a clue.

The not so complicated approach is to create a new VirtualHost record that the Apache server will load when restarted.

You could create a new file in the /etc/apache2/sites-enabled/ folder named something like your-domain-name.tld.conf

sudo nano /etc/apache2/sites-enabled/my-domain-name.com.conf

And in that file you would have something similar to

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName my-domain-name.com
ServerAlias *
DocumentRoot /var/www/html
SSLEngine On
SSLCertificateFile /path-to-certificate/fullchain.pem
SSLCertificateKeyFile /path-to-certificate-key/privkey.pem
</VirtualHost>
</IfModule>

Of course, your domain name would be different than mine. Also ensure that you already have a valid certificate and key file from the service that you purchased the SSL certificate from. You can also get SSL certificates for free by following the instructions from Certbot.

Also take note that the DocumentRoot parameter points to the website folder where your html files are located. Usually it is the location of the main index.html for your website.

If you then restarted your apache server

sudo service apache2 restart

And visited https://your-domain-name.com in the browser, then you’d have a https connection to your website showing the padlock in the address bar.

All very good so far, you already knew that.

But why you are here, is because you don’t want to bind SSL to the default port 443, but some other port, for example, 12345. Maybe you already tried it, and it doesn’t work, and you don’t know why.

You have double checked your VirtualHost record looks something like this.

<IfModule mod_ssl.c>
<VirtualHost *:12345>
ServerName my-domain-name.com
ServerAlias *
DocumentRoot /var/www/html
SSLEngine On
SSLCertificateFile /path-to-certificate/fullchain.pem
SSLCertificateKeyFile /path-to-certificate-key/privkey.pem
</VirtualHost>
</IfModule>

But why doesn’t it work yet?

It is because the apache server doesn’t open the port 12345 until you specifically tell it to listen on the…

--

--

Sean Bradley

Developer of real time, low latency, high availability, asynchronous, multi threaded, remotely managed, fully automated and monitored solutions.