Help with new cert on selfhosted ubuntu where port 80 is blocked


#1

I’ve previously had a certificate that I validated on port 443 before that approach was removed. Since it was just renewing since then, it was fine until I did a new install to upgrade to 18.04. I didn’t properly back up letsencrypt, so I have been trying to re-certify. I have no-ip for the domain DNS, and can add TXT DNS entries, but that doesn’t seem to be an option anymore. Any suggestions?

My domain is:
andamp13.hopto.org

I ran this command:
sudo ./certbot-auto certonly --standalone --preferred-challenges tls-sni -d andamp13.hopto.org
sudo certbot certonly --standalone --preferred-challenges dns -d andamp13.hopto.org
and other variations

It produced this output:
either: timed out trying to connect for port 80 solutions, or no valid verification for this host. (paraphrasing)

My web server is (include version):
nginx

The operating system my web server runs on is (include version):
ubuntu server 18.04

My hosting provider, if applicable, is:
self, on an ISP that blocks port 80.

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No


#2

Hi @rebootd

tls-sni-01 validation is deprecated and will be deactivated. See

https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209/2

The dns-01 validation should work if you don’t have an open port 80. But not with --standalone; use --manual instead (the first time).

Or check if your dns provider supports an API you can use.

Perhaps acme.sh is an option. There are more than 50 DNS providers supported.
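For readers following the dns-01 advice above, here is an added example (not from this thread or from certbot) of what certbot --manual asks you to publish: the TXT value is derived from the challenge token and the ACME account key thumbprint (RFC 8555 section 8.4, RFC 7638), and it goes under _acme-challenge.<domain>. The account JWK and token below are constructed placeholders, not real Let's Encrypt values; the pre-flight check simulates looking at the TXT answer before continuing the manual flow.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere (RFC 8555 / RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of the ACME account key: SHA-256 over the canonical
    JSON containing only the required members, in lexicographic order."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, thumbprint: str) -> str:
    """The key authorization is "<token>.<thumbprint>"; dns-01 publishes its
    SHA-256 digest, base64url-encoded, as the TXT record (RFC 8555 section 8.4)."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def dns01_record_name(domain: str) -> str:
    """Record name the CA queries: _acme-challenge prepended to the validated name."""
    return f"_acme-challenge.{domain.rstrip('.')}"

def record_is_published(published_txt: list, expected: str) -> bool:
    """Pre-flight check before pressing Enter in certbot --manual: does the TXT
    record set (e.g. as dig prints it, possibly quoted) contain the expected value?
    Extra TXT records are tolerated; one record must match exactly."""
    return any(v.strip('"') == expected for v in published_txt)

# Constructed placeholder account key and token (not real Let's Encrypt values).
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "placeholder-modulus-base64url"}
TOKEN = "placeholder-challenge-token"
DOMAIN = "andamp13.hopto.org"

if __name__ == "__main__":
    thumb = jwk_thumbprint(ACCOUNT_JWK)
    value = dns01_txt_value(TOKEN, thumb)
    print(f'{dns01_record_name(DOMAIN)}  IN TXT  "{value}"')
    # Constructed TXT answer that still shows only a stale record from a past renewal.
    stale = ['"old-value-from-last-renewal"']
    print("published?", record_is_published(stale, value))           # stale only: wait
    print("published?", record_is_published(stale + [value], value))  # new value present
```

Publishing the record and waiting for it to be visible from a resolver outside your network before continuing avoids the "no valid verification" failure; with a DNS provider API (or acme.sh's DNS plugins) this publish-and-wait step is what gets automated.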


#3

Thanks! I have no issue switching dns providers if you know of recommendations? I just picked one that my router supports for dynamic updates, but I can run that on my server too.