My home connection blocks port 80 and 443. I’ve set the apache server to listen on 81, but I don’t know how to make letsencrypt listen on a port other than 443.
I ran this command: sudo letsencrypt --apache
It produced this output: Failed authorization procedure. somedomain.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to xxx.xxx.xxx.xxx:443 for TLS-SNI-01 challenge
My domain is: a domain I’d rather not share
My operating system is (include version): Ubuntu Server 16.04
My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2016-04-15T18:00:57
My hosting provider, if applicable, is: Home Internet connection
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
Is there a way around this? Also, the IP address is dynamic so I’m using a Dynamic DNS service provided by Dynu to keep DNS up to date. Any tips in the right direction greatly appreciated!
The HTTP-01 and TLS-SNI-01 challenge types require access to either port 80 or 443.
There’s another challenge type, DNS-01, that works via DNS. Basically, you have to create a TXT record for the domains you’re trying to get a certificate for. Certbot does not currently support this, but a number of other clients such as lego do.
This would require that your dynamic DNS provider allows you to create TXT records through some kind of API. As an alternative, you could use a regular domain with a CNAME record pointing to your dynamic DNS hostname. If you’re looking for free options, take a look at www.dot.tk and CloudFlare (they can be used as a DNS-only provider, and they have an API for pushing TXT records, supported by lego).
To clarify, the “normal” verification methods (HTTP-01 and TLS-SNI-01) still require network access to port 80 or 443. If those are indeed blocked by your ISP, you’ll need to use DNS-01 as described earlier.
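As an added example (not part of this thread, and not Certbot's or lego's code), this Python script shows what the DNS-01 TXT record described above actually contains, following the ACME specification (RFC 8555): the record lives at _acme-challenge.<domain> and its value is the base64url SHA-256 of the challenge token joined to the account key's JWK thumbprint. The JWK, token and resolver answer are constructed placeholders; a real client receives the token from the CA and can use the final check to confirm the dynamic-DNS API push landed before asking the CA to validate.

```python
import base64
import hashlib
import json
from typing import Iterable

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME (RFC 8555) uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 of the canonical JSON of the required public members only."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())

def dns01_record_name(domain: str) -> str:
    """DNS-01 validation looks for a TXT record at _acme-challenge.<domain>."""
    return f"_acme-challenge.{domain.strip('.')}"

def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT value the CA expects: base64url(SHA-256(token + '.' + thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def record_published(expected: str, published_txt: Iterable[str]) -> bool:
    """Pre-flight check: is the expected value among the TXT strings a resolver returns?
    Run this before triggering validation, so a slow or failed dynamic-DNS API push
    shows up here instead of as a failed authorization at the CA."""
    return any(txt.strip('"') == expected for txt in published_txt)

# Constructed sample data: a fake account key and a fake challenge token (not real ACME values).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y", "kid": "ignored"}
SAMPLE_TOKEN = "constructed-token-from-the-CA"

if __name__ == "__main__":
    thumb = jwk_thumbprint(SAMPLE_JWK)
    value = dns01_txt_value(SAMPLE_TOKEN, thumb)
    print(f'{dns01_record_name("somedomain.net")}  IN TXT  "{value}"')
    # Simulated resolver answer (constructed): a stale record from a previous renewal beside the fresh one.
    answer = ['"old-value-from-last-renewal"', f'"{value}"']
    print("published:", record_published(value, answer))
```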