Does auto renewal require ports to remain open?

I used letsencrypt-auto to get a cert and opened the ports only for that purpose; I will be using other ports in practice and they will be locked down.

Will I have to open the 80/443 ports before requesting a renewal, or set up a cronjob to do that for auto renew?

Thanks

Generally, yes.

Once you have validated your domain with your account key, it is remembered for a period of time (currently 60 days, reducing at some stage in the future to possibly 7 days). If you currently renew within that period, then you won’t need to re-authorise. After that period, you would need to re-authorise and hence would need the ports open.

You can use a hook script with certbot to open the ports just prior to the renewal and close again afterwards though.
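
One way to write the hook script mentioned in the reply above, as an added example that is not part of the original thread and not certbot's own code. It assumes an iptables firewall; the install path `/usr/local/sbin/acme-ports.sh` and the rule tag `certbot-renew` are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Certbot pre/post hook: open the ACME validation ports only while a renewal
# runs. Assumptions (not from the thread): an iptables firewall, this file
# saved as /usr/local/sbin/acme-ports.sh, and the rule tag below. Example use:
#   certbot renew --pre-hook  "/usr/local/sbin/acme-ports.sh open" \
#                 --post-hook "/usr/local/sbin/acme-ports.sh close"

IPT="${IPT:-iptables}"      # IPv4 only; repeat with ip6tables for IPv6
PORTS="${PORTS:-80 443}"    # ports named in the question
TAG="certbot-renew"         # constructed marker identifying our own rules

# True if our tagged ACCEPT rule for port $1 is already in the INPUT chain.
rule_present() {
    $IPT -C INPUT -p tcp --dport "$1" -m comment --comment "$TAG" -j ACCEPT 2>/dev/null
}

# Insert one tagged rule per port; a second call adds nothing (idempotent).
open_ports() {
    for p in $PORTS; do
        rule_present "$p" && continue
        $IPT -I INPUT -p tcp --dport "$p" -m comment --comment "$TAG" -j ACCEPT || return 1
    done
}

# Delete only the tagged rules, so unrelated firewall rules stay untouched.
close_ports() {
    for p in $PORTS; do
        while rule_present "$p"; do
            $IPT -D INPUT -p tcp --dport "$p" -m comment --comment "$TAG" -j ACCEPT || return 1
        done
    done
}

dispatch() {
    case "$1" in
        open)  open_ports ;;
        close) close_ports ;;
        *)     echo "usage: $0 open|close" >&2; return 2 ;;
    esac
}

# Run only when called with an argument, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then dispatch "$@"; fi
```

Certbot runs the pre and post hooks only when a renewal is actually attempted, so the ports stay closed on runs where no certificate is due.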
