I am trying to request a certificate for a webserver which is behind a Varnish caching proxy. Apache is available on port 81; however, this port is not publicly available. Varnish is listening on port 80. I would rather not expose port 81 to the outside world.
In the past I could request certificates using the tls-sni-01 challenge. However, it seems this challenge does not work anymore for new domains. I read this challenge was disabled for security reasons but it seems it is re-enabled again? If possible I would like to use the tls-sni-01 challenge, as requesting (existing) certificates via this challenge works fine.
My domain is:
I ran this command:
certbot certonly --apache --cert-name occupationlanding.wageindicator.org -d occupationlanding.wageindicator.org
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for occupationlanding.wageindicator.org
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
My web server is (include version):
The operating system my web server runs on is (include version):
Debian GNU/Linux 9.3 (stretch)
I’m using the latest certbot:
certbot --version
certbot 0.22.0
My hosting provider, if applicable, is:
DNS is managed from mydomain.com, VPS is running from Linode
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):