Creating certificates for Octoprint without needing Port 80 directly exposed

My web server is (include version): OctoPrint 1.4.0
The operating system my web server runs on is (include version): OctoPi 0.17.0
My hosting provider, if applicable, is: DuckDNS

Hi guys! I just have a question regarding how secure it is to directly port-forward port 80 for my OctoPrint (a server that controls my 3D printer) instance. What I have set up so far is a reverse proxy via haproxy that redirects any outside connections to an HTTP prompt window that asks the intruder to log in with any of the users that are saved on my server, and if they don't enter the correct information they get banned via Fail2Ban. And I have a DDNS from DuckDNS that uses a random port I generated, which is then mapped to port 80 on my router. However, I want to add an extra layer of security with HTTPS redirects. So I started following this guide on setting it up with Let's Encrypt, but I soon discovered that I need to have port 80 visible to the Internet, which I didn't do, particularly because I heard doing that was quite unsafe for OctoPrint. But it seems that I can't use Let's Encrypt to create certificates for different ports. Is there any way I can use Let's Encrypt without having to expose port 80 directly, or how can I safely show port 80 to Let's Encrypt specifically? Or is there some other platform that allows me to use my random port?

Not for HTTP type authentications.
You would have to use DNS type authentications (much more involved).

Simple.
Catch all inbound port 80 requests and only proxy those that are looking for HTTP auth challenges.
(i.e. the URL specifically looks for /.well-known/acme-challenge/ some-file-name)

Not to obtain LE certs.

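As an added example of the approach described in the reply above (this is not configuration posted by anyone in this thread): a minimal haproxy front end that accepts inbound port 80 but forwards only requests whose path begins with /.well-known/acme-challenge/ to a local certbot standalone listener, and refuses everything else, so OctoPrint is never reachable through port 80. The section names (http_acme, acme_local), the loopback port 8888, and the certbot invocation in the comment are assumptions for this example.

```haproxy
# Added example, not from the original thread.
# Assumes certbot is run on the same host as:
#   certbot certonly --standalone --http-01-port 8888 -d example.duckdns.org
# so that the HTTP-01 challenge is answered on 127.0.0.1:8888 (assumed port).
frontend http_acme
    bind *:80
    mode http
    # Match only the ACME HTTP-01 challenge path.
    acl is_acme path_beg /.well-known/acme-challenge/
    # Refuse any other port-80 request; nothing else is proxied from here.
    http-request deny unless is_acme
    use_backend acme_local if is_acme

backend acme_local
    mode http
    # Local certbot standalone listener (assumed port).
    server certbot 127.0.0.1:8888
```

With this in place, port 80 can be forwarded on the router while the only thing reachable through it is the challenge response; the OctoPrint instance stays behind the existing authenticated front end on the other port. The DNS-01 route taken later in the thread avoids opening port 80 altogether, at the cost of updating a TXT record for each renewal.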

I managed to get it working. I had to use the manual DNS challenge mode with Certbot, with this command: sudo certbot certonly --manual -d xxxx.duckdns.org,*.xxxx.duckdns.org --preferred-challenges dns

Also had to make sure that port 443 was mapped to the port I'm using in order to get it working seamlessly.

