Help with new cert on selfhosted ubuntu where port 80 is blocked


I’ve previously had a certificate that I validated on port 443 before that approach was removed. Since it was just renewing since then, it was fine until I did a new install to upgrade to 18.04. I didn’t properly backup letsencrypt so I have been trying to re-certify. I have no-ip for the domain dns, and can add TXT DNS entries but that doesn’t seem to be an option anymore. Any suggestions?

My domain is:

I ran this command:
sudo ./certbot-auto certonly --standalone --preferred-challenges tls-sni -d
sudo certbot certonly --standalone --preferred-challenges dns -d
and other variations

It produced this output:
either: timed out trying to connect for port 80 solutions, or no valid verification for this host. (paraphrasing)

My web server is (include version):

The operating system my web server runs on is (include version):
ubuntu server 18.04

My hosting provider, if applicable, is:
self, on an IPS that blocks port 80.

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


Hi @rebootd

tls-sni-01 - validation is deprecated and will be deactivated. See

The dns-01 - validation should work, if you don’t have an open port 80. But not with --standalone, use instead (first time) --manual.

Or check if your dns provider supports an API you can use.

Perhaps is an option. There are > 50 dns provider supported.


Thanks! I have no issue switching dns providers if you know of recommendations? I just picked one that my router supports for dynamic updates, but I can run that on my server too.