Due to security reasons our server is only available over port 443.
Is there a way to have the verification of the cert done over port 443???
At the moment the cert server tries to access it over port 80
HTTP-01 validation will always make an initial HTTP connection on port 80, though it will follow redirects to HTTPS on port 443. If you have a frontend CDN or load balancer that can redirect to HTTPS, it may work for you.
TLS-SNI-01 validation uses port 443. On the other hand, it operates by setting up a magic self-signed certificate for a special subdomain. It works smoothly if your ACME client and web server have good integration – for example, Apache and “certbot --apache” – but most load balancers/CDNs/security appliances will make it difficult or impossible to forward random TLS sessions, so it may not be practical in your environment.
DNS-01 validation works by setting a special TXT record. Let’s Encrypt obviously has to be able to query your DNS servers, but your web server doesn’t have to be accessible at all. If your DNS provider has a good API, that might work very well for you.
The DNS that we use for our domain is hosted on a CPanel server but the webserver we’re looking to use LE on is hosted on another server altogether.
Can I manually create the TXT record myself?
Yes, but you would have to do this every 60 days to renew your certificate.
Note that it's fine to listen on port 80 if you're only doing it to redirect to 443. See for example this guidance: The HTTPS-Only Standard - Compliance Guide
hi @jd101
You really should provide a full context so proper solutions can be advised
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Andrei