Does auto renewal require ports to remain open?


#1

I used letsencrypt-auto to get a cert. and opened the ports only for that purpose; I will be using other ports practice and they will be locked down.

Will I have to open the 80/443 ports before requesting a renewal, or set up a cronjob to do that for auto renew?

Thanks


#2

Generally, yes.

Once you have validated your domain with your account key, it is remembered for a period of time ( currently 60 days, reducing at some stage in the future to possibly 7 days). If you currently renew within that period, then you won’t need to re-authorise. After that period, you would need to re-authorise and hence would need the ports open.

You can use a hook script with certbot to open the ports just prior to the renewal and close again afterwards though.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.