Verification on non standard port 80


#1

Some ISPs prevent or block inbound port 80 for security reasons, mainly related to the client router’s web-based configuration; TEData in Egypt is an example.

Your verification process is carried out through port 80, to finally allow HTTPS through port 443.

The question here: why is the process restricted to port 80 only? What’s the problem with using other non-standard ports such as 8080 or 888, by temporarily making the server listen on one of those ports?


#2

Hi,

I believe that topic was being discussed before…

(I’ll find the topic & replace this line)

The ports are only limited to port 80 because that’s the standard port… However, users could make a redirect from 80 to other ports… (It’s a myth that LE doesn’t allow port 8080…)

Ports other than 80, 8080, 443 are disabled mainly because they aren’t standard webserver ports… In this case, you could always use DNS validation to request a certificate from LE.

Thank you


#3

As I said, my ISP blocks port 80 inbound traffic entirely, so LE will not be able to access the server. I have freemyip.com dynamic DNS and there is no way to use DNS validation for it.


#4

It should be possible to use port 443 for authentication again since 8 days ago, when the tls-alpn-01 challenge was enabled in production.

This new challenge should also be supported in certbot version 0.25.0, but has partially been removed in version 0.25.1.


#5

I think this support is limited to the acme module & allowing the challenge type to be parsed. I don’t believe there is a Certbot version available that can validate authorizations with TLS-ALPN-01.


#6

Ah, I see, that’s a pity.


#7

Again, and again, and again…






…and no doubt others as well.


#8

If you have the ability to set up a CNAME record with them, then you can use DNS challenges by pointing that record to either your own server and run acme-dns, or to a free DNS provider that has an API, such as Cloudflare.
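
The CNAME delegation described in the post above, as an added example that is not part of the original thread: ACME dns-01 validation (RFC 8555) reads a TXT record at `_acme-challenge.<domain>`, and a CNAME at that name moves the record into a zone that can be updated by API. The host names, zone data, token and thumbprint below are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample zone data: name -> (record type, value). Not real hosts.
ZONE = {
    "_acme-challenge.home.example.net": ("CNAME", "d420c923.auth.example.org"),
}


def txt_value(token: str, thumbprint: str) -> str:
    """dns-01 TXT content: unpadded base64url(SHA-256(token + "." + thumbprint))."""
    key_authorization = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def publish_name(domain: str, zone: dict, max_hops: int = 8) -> str:
    """Follow CNAMEs from _acme-challenge.<domain> to the name that must hold the TXT."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("*."):
        # A wildcard name is validated at the base domain's challenge label.
        domain = domain[2:]
    name = "_acme-challenge." + domain
    seen = set()
    while name in zone and zone[name][0] == "CNAME":
        if name in seen or len(seen) >= max_hops:
            raise ValueError(f"CNAME loop or chain too long at {name}")
        seen.add(name)
        name = zone[name][1].lower().rstrip(".")
    return name


def plan(domain: str, token: str, thumbprint: str, zone: dict = ZONE):
    """Return (record name, record type, value) the API-capable zone must serve."""
    return publish_name(domain, zone), "TXT", txt_value(token, thumbprint)


if __name__ == "__main__":
    # Constructed token and account-key thumbprint, for illustration only.
    print(plan("home.example.net", "sample-token", "sample-thumbprint"))
```

The CNAME is created once at the dynamic DNS provider; each issuance or renewal then only updates the TXT record at the delegated name.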


#9

You can either use a DDNS that supports DNS validation, like Dynu, or somehow find a way to unblock port 80 or 443. Otherwise, Let’s Encrypt cannot support your use case and you need to look elsewhere.

