Security Question re: LetsEncrypt checking sites

General question.

Based on my understanding Lets Encrypt will ping a site via HTTP to verify. Even though we are using HTTPs should we be allowing HTTP? Typically this is blocked or another server will redirect http to the https server. Should I be concerned about opening up http [so lets encrypt can work]? If someone can explain why this is ok.

1 Like

There’s this handy article

2 Likes

Hi @michaelm

additional: Please read

Redirects http -> https are supported.

A good configured webserver must have a working port 80 / http. Search engines, users with not so much know how …

1 Like