We are planning to open port 80 for autorenewal of the certificate

We are planning to open port 80, as the autorenewal cron job was failing because port 80 was closed.
We have decided to open port 80 only for certbot, since the certificate gets renewed from https://acme-v02.api.letsencrypt.org/ and once we tried to reach the same site via ping we got the IP to be 172.65.32.248

We are planning to open the port only for IP 172.65.32.248. Will the IP change in future?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://testingweb.southeastasia.cloudapp.azure.com/

I ran this command: certbot renew

It produced this output: certificate is not due for renewal

My web server is (include version): apache2

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Hi @SantoshDhanaraj

please read

and the FAQ.

If you want to use http validation, not only the outgoing ip address must be open. You have to allow incoming requests from other ip addresses.

1 Like

Let’s Encrypt validates from 3 different IP addresses out of their pool of many. These can change frequently and without notice.

You have to allow all addresses to reach your server; however, you can restrict that to the .well-known/acme-challenge/ directory.

EDIT: I should note this is only if you want to use HTTP validation, you can use DNS01 without allowing external access to the server. Provided your ACME client and DNS provider supports it.

2 Likes

Hi @ski192man and @JuergenAuer,

Is there any way for us to check what authentication method is being used: DNS-01, TLS-ALPN-01 or HTTP01? Is there any way to find them?

Thanks for the response

That's something of your client you use. It's your decision.

Please start with the basics.

Then select a client.
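On the question above of which challenge type is in use: with Certbot, each certificate's renewal configuration records the authenticator plugin and any preferred challenge. The following is an added example, not part of any post in this thread; it assumes Certbot's default `/etc/letsencrypt/renewal` directory, and the plugin-to-challenge mapping and the sample file are constructed assumptions.

```python
import configparser
from pathlib import Path

# Assumed mapping from Certbot authenticator plugin to ACME challenge type
# (current plugin defaults; not taken from the thread).
PLUGIN_CHALLENGE = {"apache": "http-01", "nginx": "http-01",
                    "webroot": "http-01", "standalone": "http-01"}

def challenge_for(conf_text):
    """Return (authenticator, challenge) for the text of one renewal .conf file."""
    # The leading keys (cert = ..., privkey = ...) have no section header,
    # so prepend one before handing the text to configparser.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string("[top]\n" + conf_text)
    params = cp["renewalparams"] if cp.has_section("renewalparams") else {}
    auth = params.get("authenticator", "unknown")
    # pref_challs is stored as a list, e.g. "dns-01," for a single entry.
    pref = params.get("pref_challs", "").strip().rstrip(",")
    if pref:
        challenge = pref.split(",")[0].strip()
    elif auth.startswith("dns-"):
        challenge = "dns-01"
    else:
        challenge = PLUGIN_CHALLENGE.get(auth, "unknown")
    return auth, challenge

def needs_inbound_80(challenge):
    """Only http-01 requires the validation servers to reach port 80."""
    return challenge == "http-01"

def scan(renewal_dir="/etc/letsencrypt/renewal"):
    """Map certificate name -> (authenticator, challenge) for every renewal file."""
    files = sorted(Path(renewal_dir).glob("*.conf"))
    return {p.stem: challenge_for(p.read_text()) for p in files}

# Constructed sample renewal file (example.com is a placeholder domain).
SAMPLE = """\
# renew_before_expiry = 30 days
cert = /etc/letsencrypt/live/example.com/cert.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem
[renewalparams]
authenticator = apache
installer = apache
server = https://acme-v02.api.letsencrypt.org/directory
"""

if __name__ == "__main__":
    for name, (auth, chal) in scan().items():
        print(f"{name}: {auth} -> {chal}, inbound port 80: {needs_inbound_80(chal)}")
```

Run it as root, since the renewal directory is not world-readable on a default install.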
