Standalone without Webserver but port 80 already used

I would like to use Letsencrypt to secure a domain (and its subdomain) but on the server runs Rancher (https://rancher.com) which runs on port 8443 (no problem) there but it also uses in the background the port 80 and 443 as services are exposed via Ingress in my case.

Trying to use the --standalone doesn't work as it keeps on saying that the ports are already used and I don't have nginx installed because not needed.

Is there a way to use the standalone option but with specifying another port to be used?

D.

1 Like

Welcome to the Let's Encrypt Community, Daniel :slightly_smiling_face:

An http-01 challenge starts from a domain name on port 80 (http) then follows up to 10 redirects to domain names on either port 80 (http) or port 443 (https). IPv6 addresses (DNS AAAA records) are given priority over IPv4 addresses (DNS A records) for challenge requests.

You can probably use the webroot authenticator instead of the standalone authenticator.

1 Like

OR
If the port 80 service (and the others attached with it) can be temporarily turned off, you should then be able to use --standalone (get the cert) and then restart the port 80 service.
OR
If the port 80 service can be configured to proxy specific paths, you could proxy the challenge requests to any other port within that same system. That would allow you to run certbot in --standalone mode but on an unused port.
OR
If you could move the current service on port 80 to any other port. This would allow you to insert a proxy and handle the challenge requests properly whilst continuing the previous port 80 connections via proxy.
OR
Use DNS-01 authentication.
OR
...
OR
...

[There are many many ways to achieve the same end goal - the choice is all yours]

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.