Replies: 1 comment 1 reply
-
|
Yes if you use the http domain validation option (which is usually the default) you need to keep port 80 open for http. This is a requirement set by the Certificate Authority (e.g. zerossl, Let's Encrypt etc) and not by acme.sh. The alternatives include |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thank you for taking the time to answer that so nicely! |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is there a reason when you renew a cert curl uses http, port 80, and not https, port 443? It seems like it would be more secure to use https.
The reason I noticed this is for a while chrome was making a big deal out of http web pages, stating that they are insecure. After I got the cert and https working, I wanted to end normal http access. I looked through the docs for the web server a couple of times and I could not find a definitive solution that worked. In the end I would up blocking it at the router. That worked fine, but when I went to renew the certs, I kept getting timeouts from curl. It took me a bit to remember the business with the router, and as soon as I let http back in again, the renew process ran perfectly.
So, probably not a big deal but shouldn't the renew process use https and not http?
Beta Was this translation helpful? Give feedback.
All reactions