First Time Problem - certbot failed to auth during secondary validation

From my own test server (in AWS) I cannot reach you using HTTP (port 80). As I showed above.

I do not know the extent of systems that cannot reach you.

5 Likes

Even “Schrödinger's cat”? :laughing:

4 Likes

There are two:

  • DNS-01 authentication.
  • TLS-ALPN-01 authentication.

For more detail, see: Challenge Types - Let's Encrypt (letsencrypt.org)

6 Likes

That's already what you're trying now and it's failing.

6 Likes

Thanks, but after reading, both are not an option for me.
DNS TXT record will cost me $2/month for the privilege and
TLS-ALPN isn't supported by Apache and sounds confusing.

It's becoming more and more evident that the powers that be want to only service those with a seat at the table, and the rest of us will be on port 80, getting hacked and scaring visitors away with the scary warnings they'll generate if using a self-signed cert.

1 Like

Welp, Buypass worked. Even works with certbot, autorenews, et al. What's not to like?
Thanks, but I guess I'm a buypass guy now. Do appreciate the helpless though!

https://ggg.sites.net

1 Like

Glad you are happy. Below is a commonly used test site. You might have some more work to do yet.
https://www.ssllabs.com/ssltest/analyze.html?d=ggg.sites.net&hideResults=on

5 Likes

Thanks, but it's sYtes with a Y.
Certs valid, I'm connected and the cert on my browser checks out; however, that SSL Labs site also threw some errors at me.
I'll give it a day or two to bake, this was all just done today, could be there's some propagation or something - or it's a commie plot! hehehe

1 Like

https://httpd.apache.org/docs/trunk/mod/mod_md.html
The Apache mod_md module can grab a certificate as an ACME client; not sure how well it works, as I haven't personally used it.

5 Likes

Yes, your bad and my bad too. I used your link from this post (with i not Y).

My earlier curl test used the Y version. Still, SSL Labs fails for that too:
https://www.ssllabs.com/ssltest/analyze.html?d=ggg.sytes.net

2 Likes

It works great. And, it supports TLS-ALPN-01 challenges. Not sure it would help in this case since there seem to be fundamental connectivity problems.

I see the Buypass cert in the CT logs so if that much is working maybe best to leave it alone :slight_smile:

4 Likes

What are the CT logs?

Also, those connectivity issues are persisting, and I tried a dry run of the cert renewal that fails, for the same DNS check. So, I'll either be manually updating it every 6 months, or moving to a self-signed cert. Or, continue paying thru the nose for hosting online, since the powers that be are definitely abusing DNS privs to restrict my audience. Really beginning to smell like a rat at this point.

Certificate Transparency logs. These are public records of publicly issued certs. Various tools allow search such as crt.sh or
https://ui.ctsearch.entrust.com/ui/ctsearchui

2 Likes

You need to learn how to work the system.
There are several free DNS providers.
You don't need to change DSPs.
All you need is a CNAME (or CNAMEs) pointing requests on your DNS system to their DNS system.

Confusing is everything we don't know yet.
But mod_md supports TLS-ALPN and it works with Apache.
See:

5 Likes
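As an added worked example of the CNAME delegation suggested in the post above (this is illustrative code written for this page, not certbot's, mod_md's or any DNS provider's code), the block below computes the DNS-01 TXT value the way RFC 8555 defines it, then checks it against a constructed in-memory zone the way an ACME validator does: it follows the `_acme-challenge` CNAME to the delegated name and looks for the TXT there. The domain `example.net`, the target `abc123.acme-dns.example`, the token and the account key values are all assumptions made up for the illustration.

```python
"""DNS-01 with CNAME delegation of _acme-challenge (illustrative, not certbot code)."""
import base64
import hashlib
import json

# Constructed example inputs for this illustration (not real account data).
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"   # hypothetical challenge token
EXAMPLE_JWK = {   # hypothetical P-256 ACME account public key, values constructed
    "kty": "EC",
    "crv": "P-256",
    "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
    "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
}
DOMAIN = "example.net"                        # the dynamic-DNS name being certified (assumed)
DELEGATED_TARGET = "abc123.acme-dns.example"  # hypothetical name at a free DNS provider


def b64url(data):
    """base64url without '=' padding, as ACME requires (RFC 8555 s. 8.1)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required members only."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token, thumbprint):
    """RFC 8555 s. 8.4: the TXT record holds base64url(SHA-256(token '.' thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("utf-8")).digest())


def resolve_txt(zone, name, max_hops=8):
    """Follow CNAMEs from `name` as a validator's resolver would; return (final name, TXT values).
    `zone` is a constructed in-memory DNS: name -> {"CNAME": target} or {"TXT": [values]}."""
    for _ in range(max_hops):
        rrset = zone.get(name, {})
        if "CNAME" in rrset:          # a name with a CNAME has no other data; chase it
            name = rrset["CNAME"]
            continue
        return name, list(rrset.get("TXT", []))
    raise RuntimeError("CNAME chain too long")


def dns01_validates(zone, domain, token, thumbprint):
    """True if the expected TXT value is found where the _acme-challenge chain ends."""
    _, txts = resolve_txt(zone, f"_acme-challenge.{domain}")
    return dns01_txt_value(token, thumbprint) in txts


def build_zone(delegate, txt_value):
    """Constructed zone. delegate=True models the CNAME trick: the dynamic-DNS host
    only needs a CNAME, and the TXT record is written at the provider that allows it.
    delegate=False models a provider that lets you create the TXT record directly."""
    challenge = f"_acme-challenge.{DOMAIN}"
    zone = {DOMAIN: {"A": "192.0.2.10"}}
    records = [txt_value] if txt_value else []   # None models "not written yet"
    if delegate:
        zone[challenge] = {"CNAME": DELEGATED_TARGET}
        zone[DELEGATED_TARGET] = {"TXT": records}
    else:
        zone[challenge] = {"TXT": records}
    return zone


if __name__ == "__main__":
    thumb = jwk_thumbprint(EXAMPLE_JWK)
    expected = dns01_txt_value(TOKEN, thumb)
    print("TXT value to publish:", expected)
    for label, zone in [
        ("delegated via CNAME, TXT at provider", build_zone(True, expected)),
        ("TXT directly on the host", build_zone(False, expected)),
        ("delegated, TXT not written yet", build_zone(True, None)),
    ]:
        print(f"{label}: {'valid' if dns01_validates(zone, DOMAIN, TOKEN, thumb) else 'invalid'}")
```

The point to take from the third case is the one that bites in practice: once the CNAME exists, the validator only ever looks at the delegated name, so the TXT record must be created (and updated on every renewal) at the provider the CNAME points to, never at the dynamic-DNS host.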

From around the world there are some issues of "Connection timed out"; looks like some geographical blocking.
HTTP Connectivity issues: Permanent link to this check report
HTTPS Connectivity issues: Permanent link to this check report

4 Likes

A Certbot --dry-run might use the Let's Encrypt Staging system rather than the Buypass endpoint. You should look at the log in /var/log/letsencrypt to be sure. That is what --dry-run does by default; I just don't know if it auto-adjusts for Buypass.

5 Likes

I haven't seen any code for it to use any other staging system [only LE].

2 Likes

rg,

roger! wilco - work the system...

Finally, somebody that has inspired me to tinker some more. I'll try a new DSP, and a new domain name will obviously be needed. I'm down!

No-ip would probably work if I just paid them for the TXT record, but maybe not.

Anyone know of a DSP that offers a free A record AND a TXT record too? :slight_smile:

Thanks man! You're all right, I don't care what all these other naysayers say...

CloudFlare?

Which could also work via DNS-01 authentication.

3 Likes

@encryptingFTW check this list

3 Likes