Problem using non-standard port


I have a home webcam server that I want to access via https. Thus, I’m trying to set up a Let’s Encrypt certificate. My internet provider (Comcast) provides a non-static IP address and blocks port 443, so I have to use an alternate port and route through a DDNS service (Dynu).

I’m thinking I need to use certbot’s DNS verification to achieve this, and have executed the following command on my server…

sudo certbot certonly --manual --preferred-challenges dns

I specified for the domain, and created a TXT record in the DNS with the text…

I get an error saying “No TXT record found at”

Where am I going wrong?


Hi @mn1247

If you use dns-challenge, the port is irrelevant.

I can’t find a dns txt entry. Did you create one with the name

and the value m17HqrYSurdnIYxxxxxxxxxxxxxxxxxxx?

Or did you create one with the name without a value?

Perhaps share a screenshot of your dns menu.


Now I see the problem.

D:\temp>nslookup -type=txt text =


You have created a new txt entry with the name and the wrong content.

The name must be

and the content must be


The content will change if you try it again.


Hi @mn1247,

As @JuergenAuer said, you have created the wrong TXT record. As you are using Dynu, your TXT record should look like this:

Keep in mind that if the validation already failed, then this token m17HqrYSurdnIYYOR4IC3n7xZyAi61hPNoOi2zehGVY won’t be valid and you should execute the certbot command again, take the new token and update the TXT record on dynu.

Good luck,
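
An added example, not part of any post in this thread: a pre-flight check to run before letting certbot continue, which looks up the TXT record at `_acme-challenge.<domain>` (the DNS-01 record name defined in RFC 8555) and reports the mistakes discussed above (value at the wrong name, stale value, nothing published), plus the case of a DNS panel appending the zone a second time. The domain `cam.example.com`, the validation values and all function names are constructed for illustration, and `dig` is assumed to be installed for live lookups.

```python
import subprocess

PREFIX = "_acme-challenge."

def challenge_name(domain):
    """DNS-01 record name; a wildcard is validated at its base name."""
    d = domain.strip().rstrip(".").lower()
    return PREFIX + (d[2:] if d.startswith("*.") else d)

def dig_txt(name):
    """Live lookup through dig (assumed installed); quotes stripped."""
    out = subprocess.run(["dig", "+short", "TXT", name],
                         capture_output=True, text=True, timeout=10).stdout
    return [l.strip().strip('"') for l in out.splitlines() if l.strip()]

def diagnose(domain, expected, lookup=dig_txt):
    """Return (ok, message) for the challenge record of `domain`."""
    name = challenge_name(domain)
    bare = name[len(PREFIX):]
    values = lookup(name)
    if expected in values:
        return True, f"{name} holds the expected value"
    if values:
        return False, f"{name} holds {values}: stale or mistyped value"
    if expected in lookup(bare):
        return False, f"value published at {bare}; name must be {name}"
    if expected in lookup(f"{name}.{bare}"):
        return False, f"zone suffix appended twice: {name}.{bare}"
    return False, f"no TXT record found at {name}"

# Constructed sample data: not real records or tokens.
VALUE = "CONSTRUCTED-VALIDATION-VALUE-0001"
SAMPLE_ZONES = {
    "right": {"_acme-challenge.cam.example.com": [VALUE]},
    "stale": {"_acme-challenge.cam.example.com": ["CONSTRUCTED-OLD-VALUE"]},
    "wrong-name": {"cam.example.com": [VALUE]},
    "doubled": {"_acme-challenge.cam.example.com.cam.example.com": [VALUE]},
    "missing": {},
}

def run_samples():
    """Diagnose every constructed zone without touching the network."""
    return {label: diagnose("cam.example.com", VALUE,
                            lambda n, z=zone: z.get(n, []))
            for label, zone in SAMPLE_ZONES.items()}

if __name__ == "__main__":
    for label, (ok, msg) in run_samples().items():
        print(f"{label:10} ok={ok} {msg}")
```

For a live check, call `diagnose(domain, value)` with the value certbot printed for the current run; the default `lookup` then queries DNS through `dig`.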


That solved it! Thanks so much for all the help.

One follow-up question if I may… how do I auto-renew the certificate? If I type

sudo certbot renew --dry-run

I just get errors about not having an authentication script. Is there an example of how to do this?
Thanks again


You cannot auto-renew when using --manual.

Consider using, which supports automatically renewing via Dynu’s DNS API.

(If you want to keep using Certbot, you can write your own script to talk to the Dynu API and perform the DNS update -



I’m also a Comcast Xfinity user.

Comcast does not block any incoming http / https ports; I believe they blocked outgoing connections to SMTP ports. (And there might be other ports that are blocked; I haven’t discovered any yet.)

If your http and https ports are blocked, you might want to contact Comcast customer service to sort this out…

Thank you

