I am trying to request a certificate for a webserver which is behind a Varnish caching proxy. Apache is available on port 81, however this port is not publicly available. Varnish is listening on port 80. I would rather not expose port 81 to the outside world.
In the past I could request certificates using the tls-sni-01 challenge. However, it seems this challenge does not work anymore for new domains. I read this challenge was disabled for security reasons but it seems it is re-enabled again? If possible I would like to use the tls-sni-01 challenge, as requesting (existing) certificates via this challenge works fine.
My domain is:
occupationlanding.wageindicator.org
I ran this command:
certbot certonly --apache --cert-name occupationlanding.wageindicator.org -d occupationlanding.wageindicator.org
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for occupationlanding.wageindicator.org
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
My web server is (include version):
Apache/2.4.25 (Debian)
The operating system my web server runs on is (include version):
Debian GNU/Linux 9.3 (stretch)
I’m using the latest certbot:
certbot --version
certbot 0.22.0
My hosting provider, if applicable, is:
DNS is managed from mydomain.com, VPS is running from linode
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no