How can I authenticate the ownership of the server without opening port 80 in letsencrypt using nginx?

I am on nginx web server.

certbot --nginx -d domain_name

I'd do just this when port 80 was open. But the client doesn't know how to open port 80, so I need alternatives.

Hello @test2, welcome to the Let's Encrypt community. 🙂

See the Challenge Types - Let's Encrypt page: the DNS-01 challenge does not need access to port 80;
it also allows issuing certificates containing wildcard domain names.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

4 Likes

In addition to the DNS challenge Bruce mentions ...

Could the client front their nginx with something like Caddy, which supports TLS-ALPN and uses port 443?

If the client uses Apache, it has mod_md, which also supports TLS-ALPN.

Maybe use Cloudflare and its Origin CA cert. The Cloudflare CDN handles the HTTPS and certs for you, and you use its Origin CA cert for your origin server.

5 Likes

Would you mind explaining how I do the DNS-01 challenge in nginx? A link would be good as well.

You can't.
nginx is a web server; it can only serve HTTP/HTTPS requests.
DNS servers serve DNS requests.

4 Likes
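The DNS-01 mechanics that Bruce's reply and the last answer describe, as an added example that is not from this thread, from Let's Encrypt or from Certbot: the TXT record value is derived from the CA's challenge token and the ACME account key's JWK thumbprint (RFC 8555 section 8.4, RFC 7638), and the CA checks it by querying DNS, which is why nginx plays no part in it and why a wildcard name can be validated at its base name. The account key coordinates, the token and the in-memory zone below are constructed placeholders; the EC point is not a real key, it only has the shape of an account JWK.

```python
"""DNS-01 challenge arithmetic from RFC 8555 section 8.4 and RFC 7638.

Added example, not from the thread or from Let's Encrypt/Certbot. The key,
token and zone are constructed here; the EC point is NOT a valid key, it only
stands in for the shape of an ACME account JWK.
"""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed account key with the shape of a P-256 JWK. The coordinates are
# placeholder bytes, not a point on the curve; the thumbprint math is unchanged.
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),
    "y": b64url(bytes(range(32, 64))),
    "kid": "https://acme.example/acct/1",  # extra member, ignored by the thumbprint
}

# Constructed token; in practice the CA generates it and sends it in the challenge.
TOKEN = "2xqX3e7sDf9kLm1pQr5tUv8wYz0aBc4dEf6gHi9jKl"


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint: binds the challenge to the account key, not just the token."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """What goes in the TXT record: base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record_name(identifier: str) -> str:
    """_acme-challenge.<name>. -- a wildcard identifier is validated at its base name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}."


def validate_dns01(zone: dict, identifier: str, token: str, jwk: dict) -> bool:
    """The CA-side check; the in-memory zone stands in for a real DNS TXT lookup."""
    expected = dns01_txt_value(token, jwk)
    return expected in zone.get(dns01_record_name(identifier), [])


if __name__ == "__main__":
    # What the client (or its DNS plugin) must publish before asking the CA to validate.
    name = dns01_record_name("example.com")
    value = dns01_txt_value(TOKEN, ACCOUNT_JWK)
    zone = {name: [value]}
    print(f'{name} IN TXT "{value}"')
    print("validates:", validate_dns01(zone, "example.com", TOKEN, ACCOUNT_JWK))
```

The record is published at the DNS provider (by hand, via a Certbot DNS plugin, or via an API hook); nothing in this flow touches the web server, and only the hash of the key authorization is exposed in DNS, so the account key's thumbprint alone lets anyone verify but not forge the response.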
