Letsencrypt-Standalone cli.ini

Hi everyone,
I’m working on generating a Let’s Encrypt certificate using

/opt/letsencrypt/letsencrypt-auto certonly --standalone -d mydomiane.com

but I got this response:

certbot: error : Unexpected line 1 in /etc/letsencrypt/cli.ini: auth:

This is my cli.ini:

email = myemail.com
auth:
method : standalone
type: http-01
port: 8080
agree_tos = True
renew-by-default = True

I’m going to change it like this:

email = myemail.com
authenticator = standalone
standalone-supported-challenge = http-01
port: 8080 (How can I change this line for the port?)
agree_tos = True
renew-by-default = True

This is my question about the port: I don’t have an idea how I can add it?
Thank you

I don’t believe you can change the port - Let’s Encrypt will always reach out over 80/443 (for http-01 and tls-sni-01, respectively). This is a security measure, because being able to listen on an arbitrary high-numbered port is not equivalent to asserting control over a server in a multi-user environment.

You can use the directives --http-01-port and --tls-sni-01-port to specify other ports where certbot will be listening, but as you said, Let’s Encrypt will always reach out over 80/443, so these port directives are only useful in cases where you are forwarding port 80 or 443 from the router to a machine in your LAN listening on another port, or something similar :wink:

Whoops, yep! Forgot about that use case.

This configuration file uses the equals sign (=) for option assignment, not the colon (:).

Maybe try http-01-port = 8080 if you are really forwarding port 80 to 8080 with a firewall.

By the way, all of these options can be specified on the command-line more easily and they still will be remembered by certbot renew. You should only mess around with cli.ini if you have to issue hundreds of different certificates with the same settings or something.
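
Added example (not part of the original posts and not certbot's own parser): a small Python check that applies the advice above to a cli.ini, reporting lines that are not written as key = value and noting when http-01-port is not 80, since the validation request still arrives on port 80. The function name lint_cli_ini and both sample files are constructed for illustration.

```python
import re

# Constructed sample: the colon-style cli.ini from the question.
BROKEN = """\
email = myemail.com
auth:
method : standalone
type: http-01
port: 8080
agree_tos = True
"""

# Constructed sample: the equals-sign form arrived at in the thread.
FIXED = """\
email = myemail.com
authenticator = standalone
preferred-challenges = http
http-01-port = 8080
agree_tos = True
"""

KEY_VALUE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_-]*)\s*=\s*(.*)$")
BARE_FLAG = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*$")


def lint_cli_ini(text):
    """Simplified check (an assumption of this example): accept `key = value`,
    a bare flag name, comments and blank lines; report everything else."""
    errors, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        match = KEY_VALUE.match(line)
        if match:
            key, value = match.group(1), match.group(2).strip()
            # The CA still connects to port 80; another local port only
            # works when port 80 is forwarded to it.
            if key == "http-01-port" and value != "80":
                warnings.append((lineno, f"forward external port 80 to {value}"))
        elif BARE_FLAG.match(line):
            continue
        elif ":" in line:
            errors.append((lineno, f"colon syntax, use '=': {line}"))
        else:
            errors.append((lineno, f"unexpected line: {line}"))
    return errors, warnings
```

Line numbers in the result are 1-based; run it over a copy of /etc/letsencrypt/cli.ini before invoking certbot.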

Thank you for your response

email = myemail.com
authenticator = standalone
preferred-challenges = http
http-01-port = 8080
agree_tos = True
renew-by-default = True

I changed the config like this and I opened port 8080 in the firewall; everything is good.
