Invalid port in redirect target: after successful test?


After a successful test for the certificate, the actual certificate renewal fails with an error:

Invalid port in redirect target. Only ports 80 and 443 are supported, not 5011…

And I checked everywhere for port 5011 (IIS site bindings, settings, etc…) but couldn’t find anything.

The full log is attached.

Any ideas?

Your web application is redirecting http to https on a non-standard port. This is your internal configuration that’s causing this; it is not something Let’s Encrypt or Certify The Web is doing.

Let’s Encrypt will attempt to request http://<yourdomain>/.well-known/acme-challenge/<challengeresponsefile> e.g. using http on TCP port 80 externally. Your firewall/router then has to direct that request to your server (usually also http on TCP port 80). If the responding server then redirects to https it must redirect to https on the standard port 443.

You can forward at your router any way you want but externally your http must be on port 80 and your https must be on port 443 (if you want to redirect).

So, this is quite confusing so far - but it should be much simpler. By default Certify The Web runs its own port 80 http listener during validation, so if you are indeed forwarding port 80 to the server then that should be responding. Instead, what seems to happen here is your web server (Kestrel perhaps?) responds then redirects to https on port 5011. The Test is passing because internally the server can see its own port and it all resolves ok.

So, try a restart to see if that helps, but also check how you are forwarding http externally to your internal service (is it to IIS on port 80 or is it to something else on a different port?).

If for any reason you can’t use http validation, you can use a variety of DNS validation options.

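The redirect rule from the reply above, turned into a check that can be run before a renewal. This is an added example, not part of the original thread and not Certify The Web's or Let's Encrypt's code. The function names, the `example.test` host, the `token` path and the `max_hops` limit are assumptions made for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

ALLOWED_PORTS = {80, 443}  # the only ports named in the error message
DEFAULT_PORT = {"http": 80, "https": 443}


def effective_port(url):
    """Explicit port if given, else the scheme default (None if unknown)."""
    parts = urlsplit(url)
    return parts.port or DEFAULT_PORT.get(parts.scheme)


def fetch_location(url):
    """Send one GET without following redirects; return Location or None."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, effective_port(url), timeout=10)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()


def audit_chain(url, fetch=fetch_location, max_hops=10):
    """Return (hops, problem); problem is None if every hop is acceptable."""
    hops = [url]
    for _ in range(max_hops):  # max_hops is this example's own safety limit
        location = fetch(url)
        if location is None:
            return hops, None
        url = urljoin(url, location)  # Location may be relative
        hops.append(url)
        port = effective_port(url)
        if port not in ALLOWED_PORTS:
            return hops, f"redirect target uses port {port}: {url}"
    return hops, f"gave up after {max_hops} redirects"


# Constructed sample (placeholder host and token): port 80 redirects to https:5011.
CONSTRUCTED = {
    "http://example.test/.well-known/acme-challenge/token":
        "https://example.test:5011/.well-known/acme-challenge/token",
}

print(audit_chain(next(iter(CONSTRUCTED)), fetch=CONSTRUCTED.get))
```

Call `audit_chain("http://<yourdomain>/.well-known/acme-challenge/test")` with the default fetcher from a host outside your network; as the thread shows, a check run from inside can pass while the external path still redirects to the non-standard port.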