We are planing to open port 80 for autorenewal of the certificate

We are planing to open port 80 as the autorenewal cron job was failing due to port 80 was closed.
We have descided to open port 80 only for certbot, since certificate gets renewed from https://acme-v02.api.letsencrypt.org/ and once we tried to reach the same site via ping we got the IP to be 172.65.32.248

We are planing to open the port only for IP 172.65.32.248, will the IP change in future

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://testingweb.southeastasia.cloudapp.azure.com/

I ran this command: certbot renew

It produced this output: certificate is not due for reewal

My web server is (include version): apache2

The operating system my web server runs on is (include version): Ubantu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Hi @SantoshDhanaraj

please read

and the FAQ.

If you want to use http validation, not only the outgoing ip address must be open. You have to allow incoming requests from other ip addresses.

2 Likes

Let’s Encrypt validates from 3 different IP addresses out of their pool of many. These can change frequently and without notice.

You have to allow all addresses to reach your server, however you can restrict that to the .well-known/acme-challenge/ directory

EDIT: I should note this is only if you want to use HTTP validation, you can use DNS01 without allowing external access to the server. Provided your ACME client and DNS provider supports it.

2 Likes

Hi @ski192man and @JuergenAuer,

Is there any way for use to check what authentication mentod is been used DNS-01 or TLS-ALPN-01 or HTTP01 , are there any way to find them.

Thanks for the responce

That’s something of your client you use. It’s your decision.

Please start with the basics.

Then select a client.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.