Using Encrypt for non standard ports


#1

Hello. Is there a way to use Let's Encrypt on non-standard web ports, other than 80 and 443, to generate an SSL certificate for Apache on a Windows platform?

If yes, how can I do that?
Thanks.


#2

Validation needs to be performed on either port 80, 443 or via a special DNS record - this is called dns-01 and supported by a number of clients like lego or any of the clients in the bash category.

Other ports would not sufficiently demonstrate domain ownership, while anyone in control of port 80 or 443 is (practically speaking) indistinguishable from the domain owner.


#3

Hi Oriceon

Further to pfg: if you are using non-standard ports, there are several other approaches you can also use.

A) Allow port translation temporarily on your firewall; that is to say, if I come in on port 80, the firewall will connect to the web server on your non-standard port.
B) Redirect port 80 to the non-standard port on the web server side.
C) If the site is not in production, point it to a temporary web server (look at the certbot documents on how to do this) to serve up content.
D) PFG is correct: if your web server is too hard to configure and you have access to DNS records, it's a lot easier to update those (add a TXT entry and you are done).


#4

Thanks for your good response. What special DNS record to add?
Could you give me an example please?


#5

Hi oriceon

It’s usually a TXT record.

Your client should tell you what to add. A screenshot of zerossl (which is what I usually use for training) is below. The client gets this information from Let's Encrypt.


#6

Thanks guys for your time, it works. The solution was zerossl.com with TXT DNS verify.

