Problem with http validation when using port 83

I have a similar situation on my server… But I’m using port forwarding for https to 8443 and http to port 83.
Other Servers using default values.

So if you are forwarding the external http port 80 to the machine port 83, then by default the built-in http challenge service is on port 80 and you will need to change this by editing C:\ProgramData\Certify\serviceconfig.json and setting HttpChallengeServerPort to 83.

This still relies on whatever other http server you are using (IIS?) to be using the standard http.sys pipeline. If you are using an alternative http server (like Apache etc) you have to use filesystem validation instead as the challenge server will be blocked from listening for http requests.

Thanks for the info, I’m using IIS.
File edited and port changed to 83.
In Certify manager I got this after testing:
Built-in Http Challenge Server process unavailable or could not start. Challenge responses will fall back to IIS.

I forgot to say you may need to restart the Certify background service after making the http challenge server port change.

Even if the challenge response server fails to start the IIS fallback should be working. Does your entire public website for that domain run on port 83 or do you forward http port 80 to port 83 on that server?

Let’s Encrypt will validate your domain by making a request to http://yourdomain/.well-known/acme-challenge and it will not try any other ports. If you are forwarding port 80 externally to port 83 internally that’s ok, but if not then it won’t work and you’ll need to switch to using DNS validation.
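As an added example (not part of the thread and not Certify's own tooling), the config edit and service restart discussed above could be scripted in PowerShell as follows. The file path and the `HttpChallengeServerPort` key are the ones given in the thread; the `Certify*` display-name filter used to find the background service is an assumption.

```powershell
# Added example: run in an elevated PowerShell session on the Certify server.
$configPath    = 'C:\ProgramData\Certify\serviceconfig.json'  # path from the thread
$port          = 83          # internal port that external port 80 is forwarded to
$serviceFilter = 'Certify*'  # assumption: the service's display name starts with "Certify"

if ($port -lt 1 -or $port -gt 65535) { throw "Invalid port: $port" }
if (-not (Test-Path -LiteralPath $configPath)) { throw "Config not found: $configPath" }

# Keep a timestamped backup so the change can be rolled back.
$backup = "$configPath.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -LiteralPath $configPath -Destination $backup

# Parse the JSON, set (or add) the key, and leave every other setting in place.
$config = Get-Content -LiteralPath $configPath -Raw | ConvertFrom-Json
$config | Add-Member -NotePropertyName 'HttpChallengeServerPort' `
                     -NotePropertyValue $port -Force
$json = $config | ConvertTo-Json -Depth 10

# Confirm the result still parses before overwriting the live file.
$null = $json | ConvertFrom-Json
[System.IO.File]::WriteAllText($configPath, $json)  # UTF-8 without a BOM

# Restart the background service so it picks up the new port.
$services = @(Get-Service -DisplayName $serviceFilter -ErrorAction SilentlyContinue)
if ($services.Count -eq 0) {
    Write-Warning "No service matched '$serviceFilter'; restart it manually."
} else {
    $services | ForEach-Object {
        Write-Host "Restarting $($_.Name) ($($_.DisplayName))"
        Restart-Service -InputObject $_ -Force
    }
}

# List the http.sys URL registrations on that port to see what is bound there.
Start-Sleep -Seconds 5
$bound = netsh http show servicestate view=requestq | Select-String ":$port/"
if ($bound) {
    $bound | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Warning "No http.sys URL registrations found on port $port."
}
```

This only moves the internal listener: the request from Let’s Encrypt still has to arrive on external port 80 and be forwarded to this port.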

It’s the other way around, intranet would still see it on port 80, but internet sees it on port 83.
But we don’t use the intranet portion, hence the reason to port forward.
http://mydomain:83 or https://mydomain:8444

Hi,

Please see our documentation on how to validate domains: Requesting a Certificate | Certify The Web Docs

Proving that you control your own domain is a fundamental part of getting a certificate from Let’s Encrypt and other automated certificate authorities.

You either need to use http validation (port 80) or use DNS validation. Let’s Encrypt (the default Certificate Authority) do not support http validation using port 83, only on port 80, so you need to use DNS validation instead. DNS Validation (dns-01) | Certify The Web Docs

Then, I’ll have to shuffle the external ports to make this happen. I’ve already taken the measures to do this as smoothly as possible.

Thanks for all the info

Ok, I strongly recommend that you switch to using DNS validation instead of struggling to use http validation.