I am stuck with a security issue.
I registered my domain with Amazon Route53, but the actual server is not hosted at Amazon at all. Instead it is hosted by a 3rd party, and only 2 ports are open on this instance: port 22 (for SSH) and port 1337 (for websockets).
The application runs fine, but I need to enable HTTPS now for this server.
In the past I used the AWS load balancer to forward HTTPS to HTTP on a specific EC2 instance, and that works great, without the need to actually create a certificate for the specific instance.
Unfortunately, I have the impression that I cannot use this approach now, because the server is hosted elsewhere, and the load balancer only works for AWS instances.
By contrast, I did configure a record to redirect the hostname to the IP address of the server, which works fine.
I decided to make the certificates myself. However, it appears that my self-signed certificates are blocked by Chrome by default. So instead I tried to use a CA. I tried this with LetsEncrypt, however it wasn't a success. The problem is that LetsEncrypt wants to validate the hostname halfway through the installation, and it seems it can only do this on port 80, which I do not have at my disposal.
Any ideas?
I read that LetsEncrypt wanted me to create a TXT record. I was so foolish to think they wanted me to create a TXT file in the root of my public folder. All thanks to Michael Hampton really, who pointed me in the right direction with 2 simple words: "DNS Validation". The result:
EDIT:
In the following years I discovered how hard it was to maintain these certificates, because they relied on manual tasks (i.e. adding TXT records). And I had to write my own set of scripts to update those TXT records, which wasn't easy.
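An added example (not part of the original post) of the kind of script the edit refers to: it upserts the _acme-challenge TXT record into a Route53 hosted zone with boto3 and can be wired in as a certbot manual-auth-hook, which exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook. The ROUTE53_ZONE_ID variable name and the presence of AWS credentials allowed to change records in that zone are assumptions.

```python
"""ACME DNS-01 helper for a Route53-hosted zone (example, not LetsEncrypt's code)."""
import os
import sys


def build_change_batch(domain, txt_value, ttl=60, action="UPSERT"):
    """Return the ChangeBatch dict Route53 expects for the ACME challenge record.

    The record lives at _acme-challenge.<domain>, Route53 requires TXT values
    to be wrapped in double quotes, and a short TTL keeps stale tokens from
    lingering between renewals.
    """
    name = "_acme-challenge." + domain.strip(".") + "."
    return {
        "Comment": "ACME DNS-01 challenge for " + domain,
        "Changes": [{
            "Action": action,
            "ResourceRecordSet": {
                "Name": name,
                "Type": "TXT",
                "TTL": ttl,
                "ResourceRecords": [{"Value": f'"{txt_value}"'}],
            },
        }],
    }


def upsert_txt(zone_id, domain, txt_value):
    """Write the record and block until Route53 reports the change as INSYNC,
    so the CA does not query the zone before the new value is served."""
    import boto3  # imported here so build_change_batch stays usable offline
    r53 = boto3.client("route53")
    resp = r53.change_resource_record_sets(
        HostedZoneId=zone_id, ChangeBatch=build_change_batch(domain, txt_value))
    change_id = resp["ChangeInfo"]["Id"]
    r53.get_waiter("resource_record_sets_changed").wait(Id=change_id)
    return change_id


if __name__ == "__main__":
    # Usage: certbot certonly --manual --preferred-challenges dns \
    #   --manual-auth-hook "python3 route53_hook.py" -d example.com
    zone = os.environ.get("ROUTE53_ZONE_ID")  # assumed variable: the hosted zone id
    domain = os.environ.get("CERTBOT_DOMAIN")
    value = os.environ.get("CERTBOT_VALIDATION")
    if not (zone and domain and value):
        sys.exit("ROUTE53_ZONE_ID, CERTBOT_DOMAIN and CERTBOT_VALIDATION must be set")
    print(upsert_txt(zone, domain, value))
```

A matching cleanup hook can call build_change_batch with action="DELETE" so old challenge tokens do not accumulate in the zone.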