HTTP validation failed when only port 443 is open

I am using a Domino server behind a Fritz!Box. I have configured Port Mapping in the Fritz!Box to map 443 -> 443. Port 80 is not open.

When I try to get a certificate, the HTTP challenge fails with a timeout.

The challenge token is accessible via https://server//html/.well-known … and I can display its content.

I would like to understand how LE tries to validate the token.

My understanding is that LE tries on port 80 FIRST; if it does not get an answer, port 443 is being checked.

Is this so?

If not, how can I make sure that the validation succeeds when only port 443 is open?

When I open port 80, validation is ok, BTW.

This may be the case with some CAs, but not with servers/CAs implementing ACME.

Let's Encrypt will only try on port 443 if it receives an HTTP redirect from port 80.

This is due to security concerns relating to shared infrastructure.

Makes sense. Thanks for the answer.

This also explains why it works in my environment when the server is configured to redirect requests on port 80 to 443.

It also explains why a simple port mapping from 80 -> 443 does not work.
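
An added example, not part of the original thread: a Python preflight check that classifies what port 80 returns to a plain-HTTP challenge request, covering the cases discussed above (port closed, redirect to 443, port 80 mapped directly onto the HTTPS listener). The path `/.well-known/acme-challenge/<token>` is the standard ACME HTTP-01 location; the function names, result labels and sample byte strings are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "redirect": b"HTTP/1.1 301 Moved Permanently\r\n"
                b"Location: https://example.test/.well-known/acme-challenge/tok\r\n\r\n",
    "tls_alert": b"\x15\x03\x03\x00\x02\x02\x46",  # TLS alert record header + body
}

def classify_port80_reply(raw: bytes) -> str:
    """Classify the first bytes returned to a plain-HTTP request on port 80."""
    if not raw:
        return "no-reply"          # closed or filtered port: validation times out
    if raw[0] in (0x15, 0x16) and raw[1:2] == b"\x03":
        return "tls-on-port-80"    # TLS record: 80 is mapped onto the HTTPS listener
    if not raw.startswith(b"HTTP/"):
        return "not-http"
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    try:
        status = int(head[0].split()[1])
    except (IndexError, ValueError):
        return "not-http"
    headers = {}
    for line in head[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    if status == 200:
        return "served-on-80"      # token answered directly over HTTP
    if status in REDIRECTS:
        try:
            target = urlsplit(headers.get("location", ""))
            ok = target.scheme == "https" and target.port in (None, 443)
        except ValueError:         # malformed port in Location
            ok = False
        return "redirect-to-443" if ok else "redirect-elsewhere"
    return f"http-{status}"

def probe(host: str, token: str, timeout: float = 5.0) -> str:
    """Send the challenge request to host:80 and classify the reply."""
    req = (f"GET /.well-known/acme-challenge/{token} HTTP/1.1\r\n"
           f"Host: {host}\r\nConnection: close\r\n\r\n").encode()
    try:
        with socket.create_connection((host, 80), timeout=timeout) as sock:
            sock.sendall(req)
            return classify_port80_reply(sock.recv(4096))
    except OSError:                # refused, unreachable or timed out
        return "no-reply"
```

Run `probe()` from a machine outside the local network, since a request from behind the router does not exercise the port mapping.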
