Let's Encrypt on port 21


I would like to know if I can install a Let’s Encrypt getssl certificate on an FTP server where only port 21 is open? Please note that port 80 or 443 is not open on this server.



Can you use DNS validation? It involves setting a TXT record like "_acme-challenge.host.example.com".

(You’ll have to set the record to a different value when renewing.)

Can you open port 80?


The short answer is no. Let’s Encrypt will always issue the initial challenge request over port 80 if you’re using HTTP validation. If you can use DNS validation - there are a lot of options even if your DNS provider does not support API access - then you don’t need any ports open.