Apache 2.4 on Debian 8
certbot-auto version: 1.1.0 (webroot mode)
Hello
I use Certbot for my SSL certificate.
I have one domain and one sub-domain (2 certificates with webroot mode).
On the sub-domain, I also have 2 vhosts with different SSL ports:
sub.domain: 443
sub.domain: 4431
sub.domain: 4432
Everything has been working great for months.
But tonight, when I ran a “renew” for my domain and the sub-domain, they work great, but the ones that use a different port no longer seem to have correct certificates (yet until now everything worked without problems, even the sub-domain on ports 4431 and 4432).
Do you have any advice or an explanation why the sub-domain is ok, but not the ones with different ports?
Thank you very much in advance.
Let’s Encrypt will only allow challenges to be completed over “authorised” ports. That’s a requirement from the CA/B Forum, to which all public certificate authorities have to adhere. The ports used by Let’s Encrypt are port 80 (http-01 challenge) and port 443 (tls-alpn-01 challenge). Port 53 is also allowed for the dns-01 challenge, but isn’t that relevant in this question, as the DNS servers are “off site” most of the time at the DNS provider.
Port 4431 and port 4432 have never been allowed to connect to.
However, if the sub-domain used by those different ports is identical, it doesn’t really matter: the same certificate can be used for all three virtualhosts.
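
The last point of the answer, as an added example that is not part of the original thread: a Python check that every virtual host sharing a ServerName references the same certificate file as the port 443 vhost. The Apache configuration below is constructed; `/etc/letsencrypt/live/sub.domain/` follows Certbot's default layout, and the `/etc/ssl/copied/` path is a hypothetical stand-in for a vhost that points at a separate copy.

```python
import re
from collections import defaultdict

# Constructed sample Apache configuration (not from the original post).
# The 4432 vhost deliberately references a hypothetical copied file.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName sub.domain
    SSLCertificateFile /etc/letsencrypt/live/sub.domain/fullchain.pem
</VirtualHost>
<VirtualHost *:4431>
    ServerName sub.domain
    SSLCertificateFile /etc/letsencrypt/live/sub.domain/fullchain.pem
</VirtualHost>
<VirtualHost *:4432>
    ServerName sub.domain
    SSLCertificateFile /etc/ssl/copied/sub.domain-cert.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first value of an Apache directive inside a vhost body."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def parse_vhosts(conf):
    """Yield (server_name, port, cert_path) for every TLS vhost."""
    for port, body in VHOST_RE.findall(conf):
        cert = directive(body, "SSLCertificateFile")
        if cert:
            yield directive(body, "ServerName"), int(port), cert

def mismatched_ports(conf, reference_port=443):
    """Map ServerName -> ports whose cert file differs from reference_port's."""
    by_name = defaultdict(dict)
    for name, port, cert in parse_vhosts(conf):
        by_name[name][port] = cert
    report = {}
    for name, ports in by_name.items():
        ref = ports.get(reference_port)
        bad = sorted(p for p, c in ports.items() if ref and c != ref)
        if bad:
            report[name] = bad
    return report

if __name__ == "__main__":
    print(mismatched_ports(SAMPLE_CONF))
```

Apache loads certificate files at start or reload, so a vhost whose path is corrected still serves the old certificate until the server is reloaded.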