On Sun, 2023-04-23 at 06:47 +0930, Tim via users wrote: > On Sat, 2023-04-22 at 18:45 +0100, Patrick O'Callaghan wrote: > > My understanding is that it needs port 80 for the initial token > > negotiation to get the certificate to set up HTTPS. Requiring port > > 443 > > would be a circular dependency. > > [...] > And, testing that: If I disable all port 80 connections, I can > connect > to my webserver using HTTPS over port 443. > > Their error message seems to indicate that *it* wants a connection > response from the webserver on port 80 with your site's domain name > in > the response headers (to prove you own the site). This seems to be a > bizarre requirement. Possibly the cert checker needs programming > better, rather than Apache needing something done to it. > That's entirely possible of course. > Nor should you really have to have a virtual host. You could be a > webserver that you own totally and it only serves your website. It > seems some oddball demands from the cert checker. > I do agree with that. I think it's a specific limitation of Certbot itself, which (from discussions on the LetsEncrypt site) actually messes with your Apache config while it's doing its testing. Other implementations of the ACME protocol don't seem to require this, but I'm just guessing. poc _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue