Renewal acme-challenge over https



it’s just a simple question, but I haven’t found an - explicit - answer for it, so I hope you can clariffy it for me.

I created a cert with certbot for an expressjs-Webserver. For this, I run a HTTP-only server once for the certbot to find the acme-challenge-file.

Now, as the server is running with ssl as wished, the acme-challenge-file for the renewal can be found ONLY over HTTPS (but with the same path). Will this be a problem later?

Thanks in advance and cheers, Christian


Hi @airheart

yes, this is a problem.

Because the draft

requires a http - GET via port 80 as first connect.

You can redirect this GET to https. But if you want to use http-01 - validation, you must have an open port 80.


Thanks for your quick reply!

Damn … that’s what I thought.

So if I have an automatic redirect from http://…/acme-challenge/file to https://…/acme-challenge/file it should work?

What do you mean with “http-01 - validation”?

Cheers, Christian


Yes, Let’s Encrypt will follow redirects, even to HTTPS.

This means the normal, HTTP-based method of confirming your ownership of the domain. Let’s Encrypt also supports other validation methods like a DNS-based one.


Sounds good! I will keep an eye on this and try a renewal before it might break anything.

I understand

Great. Many thanks to you.

Cheers, Christian


Yes, it’s the default for Certbot :slight_smile:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.