-1

I am on an nginx web server.

certbot --nginx -d domain_name

I'd do just this when port 80 used to be open. But a client doesn't know how to open port 80. So, I need alternatives.

1
  • 7
    For available methods see letsencrypt.org/docs/challenge-types. Basically it boils down to showing control over the webserver for the domain (needs either port 80 or 443 open) or the DNS server for the domain (needs ability to configure DNS).
    Nov 30 at 5:06

1 Answer

3

You don't need alternatives; you need to educate your client that they are required to make port 80 and/or 443 available for the ACME HTTP-01 challenge to proceed.

Client doesn't know — client must either learn that or hire someone competent.

There is a way to change the listening port in Certbot, but that feature is to account for a special case when you have something that translates traffic to another port (NAT, reverse proxy and so on). Let's Encrypt will always call you back using TCP ports 80 or 443 when performing the HTTP-01 challenge; you cannot change that.

An alternative may be the DNS-01 challenge, but it has a higher entry level. It's considerably harder to set up properly.

1
  • I like your post, it makes me smile. :-)
    – paladin
    Nov 30 at 8:25
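
An added example, not part of the answer above and not Certbot's code: what each challenge type asks you to publish, derived from the same token and account key as specified in RFC 8555 and RFC 7638. The token, the account key members and example.com are constructed placeholders.

```python
import base64
import hashlib
import json

# Constructed sample values, not from a real ACME order or account key.
TOKEN = "constructed-token-not-from-a-real-order"
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}

# Members that enter the RFC 7638 thumbprint, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data):
    """Base64url without padding, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token, account_jwk):
    """RFC 8555 section 8.1: token, a dot, then the account key thumbprint."""
    return token + "." + jwk_thumbprint(account_jwk)

def http01_response(domain, token, account_jwk):
    """HTTP-01: (url, body) the CA fetches, so the web server must be reachable."""
    url = "http://" + domain + "/.well-known/acme-challenge/" + token
    return url, key_authorization(token, account_jwk)

def dns01_record(domain, token, account_jwk):
    """DNS-01: (name, value) of the TXT record; no inbound connection is made."""
    # A wildcard name is validated at the base domain's _acme-challenge label.
    base = domain[2:] if domain.startswith("*.") else domain
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return "_acme-challenge." + base, b64url(digest)

if __name__ == "__main__":
    url, body = http01_response("example.com", TOKEN, ACCOUNT_JWK)
    print("HTTP-01 serve:", url, "->", body)
    name, value = dns01_record("example.com", TOKEN, ACCOUNT_JWK)
    print("DNS-01 publish:", name, "TXT", value)
```
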
