Let's take a step back: why do you want a cert? What is it that you want to accomplish with it? And why is it that you can't get a free domain from freenom.com to facilitate domain validation?
Hello! I have obtained a free domain name through the DDNS function of the router. This makes me very happy, although this domain name cannot be accessed directly outside the local area network (the default port 80 is not available). Now I can only access my server by attaching the port number suffix, such as mydomainname.com:7777.
Now I would like to ask you and friends in the forum. In my current state, is there any better way to get the certificate (I hope the certificate is free and it's better to renew it automatically after expiration)? Thank you!
If port 80 is not available, then HTTP-01 authentication will fail.
You will have to use DNS-01 authentication OR TLS-ALPN-01 authentication.
If you can find an ACME client for your system that supports TLS-ALPN-01, then that can be fully automated. If you can't, then you will have to use DNS-01 authentication.
If your DDNS provider supports DNS updates via API, AND you can find an ACME client that supports that DSP, then you can automate the renewals.
Otherwise, you will have to process the challenge requests manually [every 60 to 90 days].
How come is that?
Sometimes this is because the router has "hijacked" port 80 for its web interface (mine did). So I had to put the web interface of the router on a different port (I chose 8080 in my case), so port 80 became available to portmap from external to internal.
Really?! Could you please tell me how to verify this and how to change the default port of the router's web interface?
Perhaps it is necessary to provide more information about my LAN. After the optical fiber enters the modem A, two network cables are connected, one of which is connected to the wireless router B (for WLAN), and the other is connected to my server C. The current situation is that I have enabled the DDNS function on the management page of router B, and thus obtained the domain name mydomainname.com (for example), and I found that this domain name seems to correspond to port 80 of the public IP of modem A by default. In modem A's management page, I mapped port 7777 (for example) of the modem A to a port of the server C that has Nginx listening enabled, and found that the server C can be accessed from external network through mydomainname.com:7777. But if I use port 80 of modem A to map, it will not work, no matter through the domain name mydomainname.com or mydomainname.com:80.
By the way, if the port 80 of my optical modem A is indeed blocked by the ISP, is there any other way for me to get a new domain name without the port number suffix so that it maps to my current domain name mydomainname.com:7777?
Ports aren't part of names.
So, you won't be able to have any name resolve to an IP:port.
I don't know, that's usually router-specific. But somewhere in the router's configuration interface.
There is another situation you might want to check.
Your ISP might only give you a fractional IPv4, and an IPv6 block. It's known as "MAP-E".
Check if that's the case, and if it is, validate over IPv6. Or ask your provider for the first port block (starting with 1).