Apache Server on Port 8006

narcoczen · May 26, 2019, 4:12pm

Hi … newbie here. I have read several posts here and need some clarification.

My situation is that our server is running apache vhosts on port 8006 behind a firewall that doesnt allow port 80 traffic to that server.

Running “certbot --apache” ends with error message
"Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80. "

So is there a way for me to make this happen ? I can place any file in the webserver in any location - that is under my control and so this is my preferred method and so I am hoping for some command line option to accept port 8006.

As for the DNS verification method - our DNS provider is dyn.com and i dont see a dns-plugin for them but even so their support is very sluggish ( they take weeks to reply to an email ) and so that could be a dead end.

Pls advise on this port 8006 thingy.

orangepizza · May 26, 2019, 4:24pm

CA can't use unprivileged port to verify control of domain.
from CA/B baseline requirement:

Authorized Ports: One of the following ports: 80 (http), 443 (http), 25 (smtp), 22 (ssh)

can you use port 443?

narcoczen · May 26, 2019, 4:27pm

Port 443 ?

I think that it could be open …Do i need to run the same command “certbot --apache” or append a port number to it ?

But port 22 is something i can make happen … But can it it be a redirection, say 22 to 2206 ?

JuergenAuer · May 26, 2019, 4:33pm

Hi @narcoczen

then you can't use http-01 validation.

You can use dns-01 validation or tls-alpn-01 validation (port 443).

Port 22 isn't an option, the ACME RFC is relevant.

Please read

And if you have a running website, you should have an open port 80.

PS: Redirects are possible from port 80 to 443, nothing else. No non-standard-port.

narcoczen · May 26, 2019, 5:17pm

Noted. Any idea how I can get that done with dyn.com ( our dns provider ) ? There isn't a plugin for them ?

orangepizza · May 26, 2019, 5:20pm

Acme.sh has dns plugin for dyn.com

narcoczen · May 26, 2019, 5:24pm

Acme.sh ? Is there a place where i can download this plugin ?
How do i run it with certbot --apache ?
or do i just run bash acme.sh ?

JuergenAuer · May 26, 2019, 6:12pm

Check

there is a link.

acme.sh is a different client.

narcoczen · May 26, 2019, 6:18pm

Thanks JuergenAuer … I think i better stick to this port 80 concept. Ultimately it needs port 80 only for validation yes ? After that , i can switch back to port 8006 after the validation is complete ?

Or must i switch to port 80 every time i have to renew the cert ?

JuergenAuer · May 26, 2019, 6:38pm

You must.

New certificate -> new challenge, so you need an open port 80.

narcoczen · May 26, 2019, 6:44pm

Thanks JuergenAuer…So …

Its possible to switch back to port 8006 after the initial validation
But i have to have port 80 open every 3 months for the validation to work ?

Any other gotchas that i need to be aware off?

JuergenAuer · May 26, 2019, 6:49pm

Yes, that's possible.

narcoczen · May 26, 2019, 6:50pm

Thanks Juergen… Many many thanks !!!

Anyway to mark this thread as SOLVED ?

system · June 25, 2019, 6:53pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.