在手动模式下生成 Letsencrypt 证书

Question

I am trying to generate a Letsencrypt certificate using --manual plugin. I use "manual" because in my server I have python2.6 and I need python2.7 almost so I generate the certificate from my laptop for then export the certificat. In my case I only can use http 8280 port or https 443 port. So the command I use is:

./letsencrypt-auto certonly --manual --http-01-port 8280

Then it ask to create a secret file on my website and give me a command to do it. After this I have these errors:

Failed authorization procedure. mydomain.es (http-01): 
urn:acme:error:connection :: The server could not connect to the client to verify the domain :: 
Could not connect to http://mydomain.es/.well-known/acme-challenge/_6UES5rHkQ78etjN3HmT4n2l5J66vDs1nCX2APzuzIE

I can acces to my secret file by web navigator so I am sure the conexion with the server is posible. In http://mydomain:8280/.well-known/acme-challenge/ I can see the secret file generated. So I do not have idea why the server could not connect to the client.

Answer 1

LetsEncrypt server does not support switch http port on production yet. And as stated here it will never support arbitrary ports (like 8280 as you are trying). They say it maybe support another privileged port (below 1024) in the future.

Carefully inspecting your error message one can read:

Could not connect to http://mydomain.es/[...]

As shown, Letsencrypt is trying to reach your server at port http 80 (no port specified in the URL means default port 80).

Edit:

You may be able to run tls-sni-01 authentication with standalone mode since you have port 443 availabl.