Generate certificate 8443 instead of 443


#1

How can I generate a certificate through 8443 instead of 443?

Thank you.


#2

Let’s Encrypt offers three validation methods:

  • HTTP-01, which works on port 80
  • TLS-SNI-01, which works on port 443
  • DNS-01, which does not require any open ports but rather works via a special TXT record you need to create for your domain.

For the DNS-01 method, you’ll need to take a look at the alternative client list, as certbot does not support this method yet. The bash clients or lego all support DNS-01, for example.


#3

Hi there
Thanks for the recommendation. I tried it, but then I am getting a message saying that I have a certificate that is more than 30 days, so does it mean that I am not able to make use of Let's Encrypt to generate the certificate? Even though the certificate is deemed an invalid certificate.


#4

It depends which client you are using. Most clients have an option to force renewal and ignore the existing cert.


#5

I was making use of the bash client. Are they able to ignore the existing cert and issue a new one?


#6

Yes. For example, with getssl use “-f” on the command line to force it to ignore any current cert and issue a new one.


#7

I tried using -f but I don't think I have been issued the certificate yet. I am not sure what changes I have to make to the cfg file, as instructed here:
“Then edit ~/.getssl/yourdomain.com/getssl.cfg to have the values you want for this specific domain (make sure to uncomment and specify correct ACL option, since it is required).”
The result that I got is getssl: ACL
Is there any other suggestion on how I can go about generating the certificate?


#8

To tell you what to put in the configuration file, I’d need to know a little more about your setup.

I’m assuming that you are trying to use the DNS challenge (since that’s what pfg recommended in the first reply to you). Who is your DNS provider? What is your domain name? And how many / what other domains do you want on the same cert?


#9

My domain name is retina.nie.edu.sg.
There is only 1 domain I want to issue the certificate to.
I am using port 8443.


#10

As @pfg stated in his first answer

So you cannot use port 8443 for the validation. You can use any of the 3 methods he lists to obtain a certificate, and then use that certificate on port 8443; however, you cannot obtain the certificate via validation through that port.

