Support for ports other than 80 and 443

Wrong again, and you don’t understand what are we talking about here. This should be a project providing certificates for the masses, meaning everyone, NOT to make the life of the ISP’s easier (just a reference to some previous comments how this will affect them). Making it possible to validate the client on any non reserved port can cause no harm, every ISP or corporate network would have those ports closed (for this purpose) anyway and people would be still forced to use 80 and 443 for the challenge. In this case there would be a router/firewall/proxy as an entry point correctly distributing the incoming challenges to the right end points. They would be doing all this on behalf of the customers/employees anyway so no issues here, they are still in control.

Now imagine you are behind a small office firewall/router which has ports 80 and 443 already used (for a company web server or phone system UI or whatever) and does not have the capacity mentioned above. And game over, you can run your Let’s Encrypt client (server) on your station on any port you want but the challenge will never reach back. This is a very common scenario, are you saying that all this people should install additional infrastructure just to test LE staging certificates?

1 Like