[ale] let's encrypt cert renewals?

Ben Coleman oloryn at benshome.net
Thu May 11 13:16:13 EDT 2017


On 5/11/2017 09:22 AM, Kyle Brieden wrote:
> Short story is this:  For whatever reason, LE servers *must* be able to
> reach your site at 80 and 443.

Actually, I think this depends on which plugin you're using.  According
to the docs, the apache and nginx plugins use the tls-sni-01 challenge,
which requires port 443.  The webroot plugin (which is what I'm using on
my sites) uses the http-01 challenge, which requires port 80 (but it
will follow redirects).  If you're using webroot, it appears that you
*have* to have port 80 available.

Given that DJ's problem is using tls-sni-01, I'd say he's probably using
the apache or nginx plugin.  Given that his setup has successfully
renewed before (and assuming that LE's error messages distinguish
between 'failed to connect' (i.e. timeout) and 'connection refused'), I
might suspect a (hopefully temporary) routing failure between LE's
authentication servers and DJ's sites.

Ben
-- 
Ben Coleman oloryn at benshome.net | For the wise man, doing right trumps
http://oloryn.benshome.net/     | looking right.  For the fool, looking
Amateur Radio NJ8J              | right trumps doing right.
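
The distinction the message above draws between a timeout and a refused connection, as an added example that is not part of the original post. The plugin-to-challenge table restates what the message says; the function names and the `example.com` placeholder host are assumptions. The result is only meaningful when run from a machine outside your own network, since that is where the CA's validation servers connect from.

```python
import errno
import socket

# Plugin -> (challenge, required port), as described in the message above.
PLUGIN_CHALLENGE = {
    "apache": ("tls-sni-01", 443),
    "nginx": ("tls-sni-01", 443),
    "webroot": ("http-01", 80),
}

def classify(exc):
    """Map a connect() outcome to the failure classes worth telling apart."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # host answered with RST: reachable, port closed or rejected
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"      # no answer at all: dropped packets or a routing failure
    if isinstance(exc, socket.gaierror):
        return "dns-failure"  # name did not resolve, so no connection was attempted
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"  # local stack or a router reported no route
    return "error"

def probe(host, port, timeout=5.0):
    """Attempt one TCP connection and return its classification."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def check_plugin(plugin, host, timeout=5.0):
    """Probe the port that the given plugin's challenge needs."""
    challenge, port = PLUGIN_CHALLENGE[plugin]
    return {"challenge": challenge, "port": port, "result": probe(host, port, timeout)}

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    for plugin in PLUGIN_CHALLENGE:
        print(plugin, check_plugin(plugin, host))
```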
