Certbot on port 8080?


#1

My domain is: Prefer not to tell

I ran this command: sudo certbot certonly --webroot -w /srv/http/ -d mydomain.com:8080

It produced this output: The request message was malformed :: Invalid character in DNS name

My operating system is (include version): 4.8.13-1-ARCH

My web server is (include version): Apache/2.4.25 (Unix)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Let’s Encrypt needs to verify that you control your domain via port 80 (http-01 challenge), port 443 (tls-01 challenge) or a DNS TXT record (dns-01 challenge).

Once you have obtained your certificate, you can use it on port 8080 if you want to, however validation needs to occur via one of the above ports / routes.


#3

A port number isn’t part of a FQDN, and a FQDN is the only thing that should be passed to the -d flag. That’s the cause of your error message–the colon isn’t a valid character.

To use Let’s Encrypt (with any client, not just certbot), either port 80 or port 443 of the requesting machine must be open to the Internet, or you must be able to make (ideally automated) changes to the DNS records for the hostname to add TXT records that validate the domain. You can’t use any other ports. The ACME protocol may see some updates at some point in the future to allow validating on certain specified ports other than 80 and 443, but it will never allow you to specify arbitrary port numbers.

You should also be aware that, when you obtain a certificate from Let’s Encrypt, that certificate is published in public transparency logs, and the world can see that there’s a certificate for “mydomain.com.”
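To illustrate the point about the -d flag above, here is an added example (not code from this thread or from certbot) that checks a would-be -d argument, separates the FQDN from a trailing port, and reports where validation can happen versus where the issued certificate may be served. The label syntax, the 253-character limit and the two-label minimum are my assumptions about DNS-name rules, not anything the thread states.

```python
import re

# Ports an ACME validation request may arrive on: http-01 on 80, the TLS
# challenge on 443. dns-01 needs no open port at all.
ACME_VALIDATION_PORTS = {80, 443}

# Assumed DNS label rule: 1-63 chars, letters/digits/hyphen, no leading or
# trailing hyphen. A colon is not in the class, which is the user's error.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True if `name` is a bare hostname that can be passed to -d."""
    labels = name.rstrip(".").split(".")
    # Two-label minimum is an assumption; a public CA will not issue for
    # a single-label name such as 'localhost' anyway.
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels))


def split_host_port(arg):
    """Split 'host:8080' into ('host', 8080); port is None when absent."""
    host, sep, port = arg.rpartition(":")
    if not sep:
        return arg, None
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("port %r is not a number in 1-65535" % port)
    return host, int(port)


def check_domain_arg(arg):
    """Return (accepted, fqdn, advice) for a would-be -d value.

    URLs are rejected as well: only a bare FQDN is an ACME identifier.
    """
    if "://" in arg or "/" in arg:
        return False, None, "pass a bare hostname, not a URL"
    try:
        host, port = split_host_port(arg)
    except ValueError as err:
        return False, None, str(err)
    if not is_fqdn(host):
        return False, None, "%r is not a valid DNS name" % host
    if port is None:
        return True, host, "ok"
    if port in ACME_VALIDATION_PORTS:
        advice = "drop ':%d'; validation on port %d needs no port in -d" % (port, port)
    else:
        advice = ("drop ':%d'; validate via port 80, 443 or a DNS TXT record, "
                  "then serve the issued cert on port %d" % (port, port))
    return False, host, advice
```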
