How can I change the 80 port that certbot wants?

I ran this command: certbot certonly --standalone
and then I entered my domain name:
It produced this output: Problem binding to port 80: [WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions

I'm using port 80 and can't change it. I wonder if I can change the port 80 that certbot uses? or How can I change it?

The operating system my web server runs on is: win10
I can login to a root shell on my machine: I don't know
I'm using a control panel to manage my site: no

Well, yes, you can but the HTTP Challenge coming from the Let's Encrypt server will still be on port 80. You can have --standalone listen on a different port but you must then forward or proxy the original HTTP request to that --standalone port

Often, you are better off using a Windows focused ACME Client such as Certify The Web. Or, let us know why you need to use --standalone and we can advise.


Asking if a constant number such as 80 can be changed doesn't make sense to me, I cannot change Pi.
Asking if there is an alternate to using 80, does make sense as a question.

The ACME HTTP-01 challenge requires Port 80. The HTTP-01 challenge of the Challenge Types - Let's Encrypt describes the details. You cannot change to UDP Port 80, it must be TCP Port 80.

If Port 80 is not an option for you there are 2 other choices:

  1. DNS-01 challenge; accessing the Domain's DNS Records are needed.
  2. TLS-ALPN-01; Port 443 is required.

Looks like you are using Windows and something is already using port 80.
The --standalone option would try to start a web service on that same port.


@ElisS Could you perhaps step back a little and explain what you are trying to achieve as there may be different ways to do that same thing. e.g. what is the certificate for. Is it a website, what web server are you running (if any).

If you are trying to get a cert for a home machine you still need a public domain name etc before a public certificate can be issued.

1 Like

If you are running HTTP server on TCP 80 and can control the content of the website, certbot --webroot may be a viable alternative for you.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.