TLS-SNI disabled and only port 443 available

This is not great for systems that only have port 443 routed to them, and not port 80.

You can use the DNS challenge, which doesn’t need any ports open.

This is correct, but the domain provider does not yet offer the possibility to add TXT entries to the affected domains. And the domains don’t belong to me.

I have 3 certificates that expired today. Now I am waiting for TLS-SNI, because the admin who could change the routing is not available.

A little late for this time, I’d always suggest renewing certificates 30 days before they expire though to ensure there aren’t any problems such as this.
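The advice above (renew well before expiry, and notice when a renewal job silently does nothing) is easy to enforce with a small check. The script below is an added example, not something posted in the thread; it needs only the openssl CLI, and the /etc/letsencrypt/live/*/fullchain.pem layout in the cron comment is an assumption about where certbot keeps its certificates.

```shell
#!/bin/sh
# Added example, not from the thread: alarm on certificates that expire within
# N days, so a renewal cron job that silently did nothing is noticed well
# before the expiry date. Needs only the openssl CLI.
# The /etc/letsencrypt/live/*/fullchain.pem layout below is an assumption.

# cert_valid_for_days CERT DAYS
#   0: CERT is still valid DAYS from now
#   1: CERT expires within DAYS (or has already expired)
#   2: CERT is missing or not a readable certificate
cert_valid_for_days() {
    cert=$1
    days=$2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend takes seconds and exits 0 if the cert is still valid at that time
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# check_certs DAYS CERT... -> one status line per cert; returns 1 if any cert
# expires within DAYS or is unreadable, 2 if no certs were given (also an
# alarm: an empty list usually means the glob or path is wrong), else 0.
check_certs() {
    days=$1
    shift
    [ $# -gt 0 ] || { echo "no certificates found" >&2; return 2; }
    bad=0
    for cert in "$@"; do
        rc=0
        cert_valid_for_days "$cert" "$days" || rc=$?
        case $rc in
            0) printf 'OK         %s\n' "$cert" ;;
            1) printf 'EXPIRING   %s (%s)\n' "$cert" \
                   "$(openssl x509 -in "$cert" -noout -enddate | sed 's/^notAfter=//')"
               bad=1 ;;
            *) printf 'UNREADABLE %s\n' "$cert"
               bad=1 ;;
        esac
    done
    return $bad
}

# Run daily from cron and let a monitoring wrapper act on a non-zero exit:
#   0 6 * * * /usr/local/bin/check-certs.sh 30 /etc/letsencrypt/live/*/fullchain.pem
if [ $# -ge 1 ]; then
    check_certs "$@"
fi
```

Run it with the threshold first and the certificate files after it. Treat exit status 2 as seriously as 1: a renewal setup that produces no certificates to check is exactly the "cron job did nothing" failure mode, and it should page somebody rather than read as "all clear".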

Are you hosted on one of the major providers, for which TLS-SNI is re-enabled? I’m guessing not.

There was a problem with the cronjob, so it didn’t do anything at all. The servers are all self-hosted with a dedicated connection.

Edit because of the new-user limit: No, I only have access to the “nginx SSL proxy” in the DMZ, where port 443 is NATed to and where letsencrypt has been run standalone so far.

Can you run a standalone system on port 80 to verify the domains?

My strong recommendation is to allow both ports 80 and 443 for any web server, even if port 80 exists only to serve a redirect. That would also resolve this issue, by allowing you to use HTTP-01 validation.
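What the recommendation above looks like on the nginx proxy mentioned in this thread, as an added example that is not part of the original posts: port 80 answers only the ACME challenge path and redirects everything else to HTTPS, the challenge path is self-tested the way the CA would fetch it, and only then is certbot run in webroot mode. The config path, webroot directory and domain are hypothetical placeholders; the certbot flags used (certonly, --webroot, -w, -d, --keep-until-expiring) are real ones.

```shell
#!/bin/sh
# Added example, not from the thread: an HTTP-01 capable port-80 site that
# serves only /.well-known/acme-challenge/ and redirects everything else to
# HTTPS, a self-test of that path, and a certbot webroot issuance.
# /etc/nginx/conf.d/acme-http01.conf and the webroot are assumed paths.

# write_http01_site OUTFILE DOMAIN WEBROOT -> writes the nginx server block
write_http01_site() {
    out=$1
    domain=$2
    webroot=$3
    cat > "$out" <<EOF
# Port 80 exists only for ACME validation and the redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name $domain;

    # certbot --webroot drops tokens into $webroot/.well-known/acme-challenge/
    location ^~ /.well-known/acme-challenge/ {
        root $webroot;
        default_type "text/plain";
    }

    location / {
        return 301 https://\$host\$request_uri;
    }
}
EOF
}

# selftest_http01 DOMAIN WEBROOT -> places a random token under the webroot
# and fetches it over plain HTTP the way the CA would; 0 only if it comes back.
selftest_http01() {
    domain=$1
    dir="$2/.well-known/acme-challenge"
    mkdir -p "$dir"
    token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    printf '%s' "$token" > "$dir/$token"
    got=$(curl -fsS --max-time 10 "http://$domain/.well-known/acme-challenge/$token" 2>/dev/null)
    rm -f "$dir/$token"
    [ "$got" = "$token" ]
}

# issue_cert DOMAIN WEBROOT -> obtain or renew the certificate via HTTP-01
issue_cert() {
    certbot certonly --webroot -w "$2" -d "$1" --keep-until-expiring
}

# Usage: ./acme-http01.sh example.org /var/www/acme
if [ $# -eq 2 ]; then
    write_http01_site /etc/nginx/conf.d/acme-http01.conf "$1" "$2"
    nginx -t && nginx -s reload
    selftest_http01 "$1" "$2" || { echo "port 80 for $1 does not reach this host" >&2; exit 1; }
    issue_cert "$1" "$2"
fi
```

The self-test is the useful part for a setup like the one in this thread: if it fails, port 80 for that name is routed elsewhere (or not at all), and HTTP-01 will fail for the same reason, so there is no point asking the CA. One caveat: run from inside the DMZ, the test only proves the public path if the NAT device hairpins traffic back in; otherwise run it from an outside host.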

As I said, I cannot change that, and it seems port 80 of that IP is used for something else.
