Internet ports that Let's Encrypt uses for its renewal

Good morning, my certbot stopped renewing automatically after installing my firewall. I would like to know which ports I need to release for the Let's Encrypt service to work again.

Port 80 for the http-01 challenge, port 443 for the tls-alpn-01 challenge and possibly, if HTTP is redirected to HTTPS, also for the http-01 challenge.


Given that your "installing my firewall" statement lacks all kinds of details...
And, in case it isn't obvious, the ACME client ("certbot") must be able to reach the CA.
Which generally means outbound HTTPS must also be allowed.
And it could also involve outbound DNS, HTTP, and maybe even NTP.
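
The flows named in the two replies above, written as a default-drop nftables ruleset. This is an added example, not from the thread or from certbot; the thread does not say which firewall is in use, so nftables, the table name `acme_example` and the default-drop policies are assumptions, and management access such as SSH is deliberately left for you to add.

```nftables
# Added example (assumed: nftables, default-drop on both directions).
# Load with: nft -f <this file>   after adding your own management rule.
table inet acme_example {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        # Replies to connections this host opened (CA API, DNS, NTP).
        ct state established,related accept
        # ICMP/ICMPv6: needed for IPv6 neighbour discovery and path MTU.
        meta l4proto { icmp, ipv6-icmp } accept

        # Inbound validation from the CA:
        #   80  -> http-01
        #   443 -> tls-alpn-01, and http-01 when HTTP redirects to HTTPS
        tcp dport { 80, 443 } accept

        # (assumption) add your own rule for SSH or other management here.
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state established,related accept
        meta l4proto { icmp, ipv6-icmp } accept

        # The ACME client must reach the CA: outbound HTTPS, possibly HTTP.
        tcp dport { 80, 443 } accept
        # Outbound DNS so the client can resolve the CA's hostname.
        udp dport 53 accept
        tcp dport 53 accept
        # Outbound NTP; TLS to the CA fails if the local clock is far off.
        udp dport 123 accept
    }
}
```

The inbound rules accept any source address because the validation requests have to reach the host from the CA, and nothing in the thread gives a fixed source to restrict them to.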

