Manual mode on custom port


#1

Hi,

I want to generate cerifcates manually for a third party server. On that server I want to use a custom port for the verification. So I use the following command:

letsencrypt  certonly --manual --http-01-port 6666 -d doamin.tld,sub1.domain.tld,sub2.domain.tld

I’m also using the python command provided:

# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 6666), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()" 

(The server is effectively run to listen to port 6666)
I then create the requested files file on the right locations (/tmp/letsencrypt/.well-known/acme-challenge) for each domain.

For each of them I get the following warning:

2015-12-07 15:37:40,921:WARNING:acme.challenges:Using non-standard port for http-01 verification: 6666

Then the verification step fails:

Failed authorization procedure. sub1.domain.tld (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sub1.domain.tld/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [11.22.33.44]: 404

Of course it fails,l because the request is made on port 80 instead of 6666 as I expected. Besides I checked with a browser, the file is correctly served on port 6666.

Heres my question: Am I doing something wrong? Is that a bug? Or am I misunderstanding the use of --http-01-port option?

Thanks.


#2

Looks like those parameters are not valid for use in production.

I can’t post links because my account is new but go to
GitHub /letsencrypt/letsencrypt/issues/1357#issuecomment-153940848