I am on an nginx web server.
certbot --nginx -d domain_name
I'd do just this when port 80 used to be open. But a client doesn't know how to open port 80. So, I need alternatives.
You don't need alternatives; you need to educate your client that they are required to make port 80 and/or 443 available for the ACME HTTP-01 challenge to proceed.
Client doesn't know — client must either learn that or hire someone competent.
There is a way to change the listening port in Certbot, but that feature is to account for a special case when you have something that translates traffic to another port (NAT, reverse proxy and so on). Let's Encrypt will always call you back using TCP ports 80 or 443 when performing the HTTP-01 challenge; you cannot change that.
An alternative may be the DNS-01 challenge, but it has a higher entry level. It's considerably harder to set up properly.