How to change authorization port for well-known directory?

Server
1

How to change port mydomain.net to mydomain.net:8083 in this case?

I am using 80 port already.

mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" gscguDuAd3N85wYpnjddvYLkOW_FruUPT3tEk4tw-S0.sP1A5HujEV549p1Ofii2HaFAJKSVKW_mB9jQJBQQHgY > .well-known/acme-challenge/gscguDuAd3N85wYpnjddvYLkOW_FruUPT3tEk4tw-S0

run only once per server:

$(command -v python2 || command -v python2.7 || command -v python2.6) -c
"import BaseHTTPServer, SimpleHTTPServer;
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler);
s.serve_forever()"

Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ecm.bmcnet.kr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.net/.well-known/acme-challenge/gscguDuAd3N85wYpnjddvYLkOW_FruUPT3tEk4tw-S0: "Apache Tomcat/7.0.x - Error report<!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;back"

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: ecm.bmcnet.kr
Type: unauthorized
Detail: Invalid response from
http://ecm.bmcnet.kr/.well-known/acme-challenge/gscguDuAd3N85wYpnjddvYLkOW_FruUPT3tEk4tw-S0:
"Apache Tomcat/7.0.x - Error
report<!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;back"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
2

Hi @gnh1201,

It is intentional that you can’t do this. The use of port 80 or port 443 is required by Let’s Encrypt CA policy, which in turn is required by the ACME protocol, which in turn is (partially) required by CA/Browser Forum policy in the Baseline Requirements document. This is intended to prevent a customer of a hosting provider from obtaining certificates for the domains of a different customer.

Do you have an existing web server on port 80 that serves files from some directory in your filesystem? If so, you could use the --webroot method, which can perform the authentication using an existing web server, without shutting down that server or interfering with its other functions.

2 Likes
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.