Lyle Giese said:
> Let's Encrypt requires (according to documentation I have seen) Port 80
> TCP be in use for verification. I have no other legit use for Port 80
> on this smart host and decided a long time ago, not to use Let's Encrypt
> for that reason.

It's trying to verify that you control the systems that the DNS points to. (So it doesn't give you a certificate for google.com or such.)

It does that by making a TCP connection to that address, or all of them if there are more than one. An example is IPv4 and IPv6 on the same system.

For an Apache web server, certbot has an Apache plugin that knows how to tell the server to provide a "page" containing a magic token. I don't know the details of how it does that. I think it tells Apache to reload the new certificate but I have never done that. Minimal hassle once you get it set up.

If you create the certificate with "certbot certonly --standalone" certbot will set up a temporary server on port 80. (or crash if you are already running something there) It's up to you to tell your server where to find the certificate and key and/or copy them to where your server can access them. Works fine for me. (I'm using it for NTS -- network time security. No web server in sight.)

--
These are my opinions. I hate spam.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
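
The last step described in the reply above (getting the certificate and key from certbot to where a non-web service can read them) can be handled by a certbot deploy hook. This is an added example, not part of the original post: `RENEWED_LINEAGE` is the variable certbot sets for deploy hooks, while `install_cert`, `DEST_DIR`, `SVC_GROUP` and the `/etc/myservice/tls` path are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example: deploy hook for "certbot certonly --standalone --deploy-hook <this script>".
# Copies the renewed certificate and key to a directory a non-web service
# (mail, NTS, ...) reads from, keeping the private key unreadable to others.

install_cert() {
    lineage=$1    # certbot live directory holding fullchain.pem and privkey.pem
    dest=$2       # directory the service reads from (assumption)
    group=${3:-}  # optional group the service runs as (assumption)

    # Refuse to deploy if either file is missing or empty.
    [ -s "$lineage/fullchain.pem" ] && [ -s "$lineage/privkey.pem" ] || {
        echo "missing or empty cert/key in $lineage" >&2
        return 1
    }
    mkdir -p "$dest" || return 1

    # Copy under a restrictive umask so the key is never briefly world-readable.
    # cp -L follows the symlinks certbot keeps in its live directory.
    old_umask=$(umask)
    umask 077
    for f in fullchain.pem privkey.pem; do
        cp -L "$lineage/$f" "$dest/.$f.new" || { umask "$old_umask"; return 1; }
    done
    umask "$old_umask"

    chmod 644 "$dest/.fullchain.pem.new" || return 1
    chmod 600 "$dest/.privkey.pem.new" || return 1
    if [ -n "$group" ]; then
        # Let the service's group read the key, nobody else.
        chgrp "$group" "$dest/.privkey.pem.new" &&
            chmod 640 "$dest/.privkey.pem.new" || return 1
    fi

    # Rename into place so the service never sees a half-written file.
    mv -f "$dest/.fullchain.pem.new" "$dest/fullchain.pem" &&
        mv -f "$dest/.privkey.pem.new" "$dest/privkey.pem"
}

# certbot exports RENEWED_LINEAGE when it runs this script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_cert "$RENEWED_LINEAGE" "${DEST_DIR:-/etc/myservice/tls}" "${SVC_GROUP:-}"
    # Reload or restart the service here so it picks up the new certificate.
fi
```

The service still has to be pointed at the destination directory in its own configuration and reloaded after each renewal.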