Security Question re: LetsEncrypt checking sites

michaelm · January 29, 2020, 1:02pm

General question.

Based on my understanding Lets Encrypt will ping a site via HTTP to verify. Even though we are using HTTPs should we be allowing HTTP? Typically this is blocked or another server will redirect http to the https server. Should I be concerned about opening up http [so lets encrypt can work]? If someone can explain why this is ok.

Nekit · January 29, 2020, 1:05pm

There’s this handy article

JuergenAuer · January 29, 2020, 1:34pm

Hi @michaelm

additional: Please read

Redirects http -> https are supported.

A good configured webserver must have a working port 80 / http. Search engines, users with not so much know how …

system · February 28, 2020, 1:35pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Lets Encrypt certificate expiration Help	3	507	February 22, 2020
Let's Encrypt on port 21 Server	3	824	August 10, 2018
Internet ports that Let's Encrypt uses for its renewal Help	3	7441	March 1, 2023
Question about port 80 Help	3	521	November 29, 2022
Cannot forward port 80 - any workaround? Server	8	5591	February 28, 2016

Security Question re: LetsEncrypt checking sites

Related topics