Get Let's Encrypt Certificates With Blocked Ports by ISP

I am creating a LAMP server for a personal cloud (Nextcloud). I want to download the SSL certificates, but my ISP blocks inbound HTTP on port 80 and HTTPS on port 443; however, my ISP allows HTTPS over port 80 and HTTP over port 443 (or any other port).

I have no problem using a different port for HTTP or HTTPS (with self-signed certs), but I found out that in order to get the LE certs they have to test on your ports 80 and 443.

Is there any workaround, like using other ports or marking the connection so it does not look like HTTP/HTTPS? Can I use UDP instead of TCP? (I am not sure that it will help, though.)

Hi @riparise,

Let’s Encrypt offers three validation methods. One of them requires inbound TCP port 443, while another requires inbound TCP port 80. You cannot choose another port and you cannot use UDP instead of TCP.

The third method requires the ability to create requested records in your DNS zone in order to prove that you have control over the DNS records for your domain name. Can you do that?

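What the third (DNS) method actually asks for is a TXT record at _acme-challenge.<domain> whose value is derived from the challenge token and the ACME account key (RFC 8555 section 8.4, thumbprint per RFC 7638). The block below is an added example, not code from this thread or from certbot, that computes that value and pre-checks a set of TXT answers before telling the CA to validate. The account key, the token and the resolver answers are all constructed placeholders.

```python
import base64
import hashlib
import json

# Added example, not from the thread or from certbot: the arithmetic behind the
# dns-01 challenge (RFC 8555 section 8.4) plus a pre-flight check that the record
# is visible before the CA is asked to validate. All key material is constructed.


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of the ACME account key: SHA-256 over the required
    members only, in lexicographic order, with no whitespace. Extra members
    such as "alg" or "use" must not influence the result."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """<token>.<thumbprint>: proves the holder of the account key saw the token."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """Value to publish in the TXT record: base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record_name(domain: str) -> str:
    """Owner name of the record: _acme-challenge.<domain>. A wildcard name
    *.example.com is validated at the same _acme-challenge.example.com name."""
    if domain.startswith("*."):
        domain = domain[2:]
    return "_acme-challenge." + domain.rstrip(".") + "."


def record_is_published(answers, expected: str) -> bool:
    """Pre-flight check over TXT answers from a public resolver (strings, possibly
    still wrapped in quotes). Old records from earlier attempts may coexist at the
    same name; the CA only needs one of them to match."""
    return any(a.strip().strip('"') == expected for a in answers)


# Constructed ACME account key: NOT a real key, the modulus is a placeholder.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "placeholder-modulus-not-a-real-key"}

if __name__ == "__main__":
    token = "constructed-challenge-token"  # a real token is a random base64url string
    name = dns01_record_name("example.com")
    value = dns01_txt_value(token, ACCOUNT_JWK)
    print(f"{name} IN TXT \"{value}\"")
    # Constructed resolver answers: one stale record from an earlier run, one fresh.
    answers = ['"stale-value-from-last-time"', f'"{value}"']
    print("ready to validate:", record_is_published(answers, value))
```

With a manual run like the one above you would publish the printed record, query it through a public resolver (not only the authoritative server, since the CA resolves it from outside), and only then continue; the check mirrors what the CA will do.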

Hi Schoen,

Thank you for your prompt answer. I tried to set up the DNS challenge using
sudo certbot certonly --manual --preferred-challenges dns

I did both validations in the TXT record and checked on https://mxtoolbox.com/ whether the records were already working before continuing.

Nonetheless, I received the error
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
And the same error using the staging environment:
ReadTimeout: HTTPSConnectionPool(host='acme-staging.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

Furthermore, when I check https://letsencrypt.status.io/ it seems like everything is working. Do you have any ideas?

I am using Apache2, PHP7.0, and Nextcloud.

Hi @riparise,

It would be good to show the entire output of that command (add --staging to the command so you won't reach rate limits).

Could you please show the output of these commands?

curl -IkL https://acme-v01.api.letsencrypt.org
curl -IkL https://google.com

Cheers,
sahsanu

Those errors refer to a blocked outbound connection from you to the Let’s Encrypt server, not to an attempt to use an inbound port.

The commands that @sahsanu has suggested should help diagnose this problem.

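A read timeout like the one quoted above is raised by certbot's HTTP client only after the TCP connection to the ACME server has been established and no response bytes arrive; a port that is blocked outright fails earlier, at connect, and a DNS problem fails before that. The probe below is an added example (not code from this thread, from certbot, or from the curl commands suggested above) that walks those stages one at a time so the report says where the path breaks. It targets acme-v02.api.letsencrypt.org because the v1 endpoint named in the thread has since been retired. The two local peers, a port with nothing listening and a constructed server that accepts and then stays silent, are there to show what a refused and a black-holed connection look like without needing the network.

```python
import socket
import ssl
import threading

# Added example, not from the thread: probe an outbound HTTPS path stage by stage
# (DNS -> TCP connect -> TLS handshake -> HTTP response) and report where it stops.
# certbot's "ReadTimeout" corresponds to the last stage: the connection opened, but
# the server or a middlebox in between never answered.


def probe_https(host, port=443, timeout=5.0):
    """Return a dict with the furthest stage reached, whether it succeeded, and why."""
    result = {"host": host, "port": port, "stage": "dns", "ok": False, "detail": ""}
    try:
        family, socktype, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        result["detail"] = f"{type(exc).__name__}: {exc}"
        return result

    conn = socket.socket(family, socktype, proto)
    conn.settimeout(timeout)
    try:
        result["stage"] = "tcp_connect"
        conn.connect(addr)                      # blocked port: refused or timeout here
        result["stage"] = "tls_handshake"
        ctx = ssl.create_default_context()      # verifies the chain, like certbot does
        conn = ctx.wrap_socket(conn, server_hostname=host)  # silent peer: timeout here
        result["stage"] = "http_response"
        conn.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
        status_line = conn.recv(256).split(b"\r\n", 1)[0]   # read timeout would be here
        result["ok"] = True
        result["detail"] = status_line.decode("ascii", "replace")
    except OSError as exc:                      # socket.timeout and ssl.SSLError are OSErrors
        result["detail"] = f"{type(exc).__name__}: {exc}"
    finally:
        conn.close()
    return result


_held_connections = []   # keeps accepted sockets open so the client never sees a FIN


def start_silent_server():
    """Constructed test peer: accepts TCP connections and then never sends a byte.
    To a client this is what a black-holing firewall or a stalled proxy looks like."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            accepted, _ = srv.accept()
            _held_connections.append(accepted)  # hold it open, reply with nothing

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Constructed: a local port with nothing listening, so connect() is refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    targets = [
        ("acme-v02.api.letsencrypt.org", 443),   # the real ACME endpoint (needs network)
        ("127.0.0.1", closed_port()),            # nothing listening: fails at tcp_connect
        ("127.0.0.1", start_silent_server()),    # accepts, never answers: fails at tls_handshake
    ]
    for host, port in targets:
        r = probe_https(host, port, timeout=3.0)
        print(f"{host}:{port} stage={r['stage']} ok={r['ok']} {r['detail']}")
```

Reading the report: a stop at tcp_connect with "timed out" or "refused" means the ISP or a local firewall blocks the port outbound; a stop at tls_handshake or http_response with "timed out" means something accepted the connection and then dropped the traffic, which is the pattern the certbot ReadTimeout above shows and is typical of a transparent proxy or inspection box; a stop at tls_handshake with a certificate error points at TLS interception rather than a block.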
