Need help with fortigate

I am trying to generate a certificate for SSL VPN on FortiGate with Azure Authentication

I use port 1697

I have this problem when generating certificates

Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

CAs are only allowed to do validation on specific authorized ports; LE only starts validation on port 80. You'll need to do validation on the default web server.

3 Likes

I believe the built-in ACME client for the FortiGate SSL VPN uses TLS-ALPN, and will only work if it listens on port 443.

5 Likes

I use this to create my certificate

sudo certbot -v certonly --standalone

I give my domain name

so certbot chose port 80; I don't know how to force port 443 or 1697

You can't. Certbot isn't choosing anything; your options are to answer on port 80 or 443, or to use the dns-01 challenge if possible.

6 Likes

That's mostly correct. For an HTTP-01 challenge to succeed, you must respond to requests made to port 80, but you have the option to redirect those requests to port 443. If port 80 is closed, HTTP-01 challenges will fail.

4 Likes
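To make the two answers above concrete, here is an added example (not code from any poster, Certbot or Fortinet) of what the CA's HTTP-01 validator expects to find on port 80: a responder that either serves the key authorization for a known token directly, or, as the second option described, answers on port 80 with a redirect to the HTTPS listener on 443. Nothing here changes which port the CA connects to; it only shows why a custom port such as 1697 can never be validated. The token and thumbprint values are constructed placeholders.

```python
"""Minimal HTTP-01 challenge responder (added example, not from the thread).

The CA always fetches http://<domain>/.well-known/acme-challenge/<token>
on port 80. Port 80 may answer directly or redirect to https://... on 443;
if nothing listens on port 80 the challenge times out, as in the error above.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample: token -> key authorization ("<token>.<account thumbprint>").
CHALLENGES = {
    "exampleToken123": "exampleToken123.EXAMPLE_ACCOUNT_THUMBPRINT",
}


def route(path, host, challenges, redirect_to_https=False):
    """Decide how to answer one request on port 80.

    Returns (status, headers, body). With redirect_to_https=True every request
    is handed to the HTTPS listener on 443, which the validator will follow.
    """
    if redirect_to_https:
        return 301, {"Location": f"https://{host}{path}"}, b""
    if not path.startswith(CHALLENGE_PREFIX):
        return 404, {"Content-Type": "text/plain"}, b"not found"
    key_auth = challenges.get(path[len(CHALLENGE_PREFIX):])
    if key_auth is None:
        return 404, {"Content-Type": "text/plain"}, b"unknown token"
    return 200, {"Content-Type": "application/octet-stream"}, key_auth.encode()


class ChallengeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        host = self.headers.get("Host", "localhost").split(":")[0]
        status, headers, body = route(self.path, host, CHALLENGES)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(port=80):
    # Must be port 80: the validator does not connect anywhere else for HTTP-01.
    HTTPServer(("0.0.0.0", port), ChallengeHandler).serve_forever()


if __name__ == "__main__":
    serve()
```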

And the TLS-ALPN-01 is on Port 443.

3 Likes
