Can't host anything on port 80

inflames · December 4, 2015, 3:29am

Hello,
My ISP actually blocks port 80 so I cannot host anything on it. Is there any way to do this ‘acme-challenge’ using 443(https with my currently self signed one?)
http://bla-bla-bla.com/.well-known/acme-challenge/blabla
Thanks,

InFlames

Edit: --http-01-port does start on port 88 but its still trying to reach on http://bla:80 ;(
./letsencrypt certonly --standalone --http-01-port 88 -d somethingsomething.com

Osiris · December 4, 2015, 4:22am

How about --tls-sni-01 for port 443?

inflames · December 4, 2015, 9:11pm

adding the flag ‘–standalone-supported-challenges tls-sni-01’ worked.
Thanks!

dr02019 · January 26, 2016, 7:37pm

I have this same problem (ISP blocking port 80), but I’m not able to understand the replies in this thread. I’m running Arch Linux with apache (all current software)

Could someone give me near-exact (I can enter my domains when prompted interactively by letsencrypt, but I mean the exact command to enter at the command prompt) instructions for running letsencrypt to get a certificate? I already have apache running on port 443 with a valid certificate from StartCom, so getting from the Internet to my server is not a problem on port 443. It just can’t be done on port 80. And all of my attempts seem to be trying to reach port 80 (http, not https) in spite of my having used the following command:

# letsencrypt certonly --manual --standalone-supported-challenges tls-sni-01

When I run this, I get instructions for putting certain content at certain URLs (eg. .well-known/acme-challenge/ehTxGtwMMfovQdFR0NBmpJ4XHAcA1I77Of-IYg1FmeY), but the output of the letsencrypt client is still:

Could not connect to http://example.com/.well-known/acme-challenge/ehTxGtwMMfovQdFR0NBmpJ4XHAcA1I77Of-IYg1FmeY

So it’s still apparently trying to connect with port 80 (N.B. “http”, not “https”).

Suggestions?

inflames · January 26, 2016, 8:02pm

Doing is with --manual wont work you need to run it in standalone mode. You need to shutdown your currently running apache prior to this since the letsencrypt tool will try to listen on port 443 to do the challenge.
I havent found a way to use this challenge with apache but since I’m not running anything critical a little downtime doesn’t hurt me to renew the cert.
Here’s the cmd I run:
./letsencrypt certonly --standalone --standalone-supported-challenges tls-sni-01 --renew-by-default --rsa-key-size 4096 --domains example.com,www.example.com

dr02019 · January 26, 2016, 8:20pm

Thanks @inflames !

That worked for me: “Congratulations! Your certificate and chain have been saved at…”

But I had two domains: “–domains example.com,moodle.example.com” in my command. I would’ve thought that I would have received two certificate/chain sets.

I guess I need to go read more about Let’s Encrypt!

schoen · January 26, 2016, 8:22pm

@dr02019, a certificate can apply to multiple names and the certificates issued by Let’s Encrypt normally do. Your single certificate is probably valid for all of the names that you specified.

dr02019 · January 26, 2016, 8:38pm

Nice! Thanks @schoen . I looked, and sure enough: all the SAN’s I asked for are there. I thought I read somewhere that LE didn’t use that feature, but I probably misunderstood.

LE is a HUGE improvement on the previous alternatives for getting certificates! Thank you all for making it. I’ll be sure to support it in all the ways possible to me.