How to change the port of the HTTP daemon started by ACME?

[iguana007]

Hello,
I want to ask you how to change the port of the HTTP daemon, which is started when the certificates order is triggered.
I would prefer 8080 for example or whatever else.
I am getting "Failed to initialize HTTP daemon" error at the end of the task because my 80 port is being used by HAProxy running on the same node.
Thank you.

 

[cheiss]

Hi,

that is (unfortunately) not possible, Let's Encrypt requires using port 80.
Have you tried using the DNS01-challenge? As that does not require running a HTTP server or the like.

 

[iguana007]

I tried this via CloudFlare, I did the setup + transferred my primary domain DNS there, but it does not work for my clients domains (I host multiple websites on my server) as they do not have DNS in ClodFlare - it adds acme challenge TXT record under my primary domain DNS and ends with validation error.

To make it work - I guess, that I would have to transfer all clients domains DNSs into CloudFlare and create separate site entries there to use different API keys for each of the domains + setup separate challenge plugins in proxmox ACME for each of the domain, so that it would use proper API access to respective domain while adding a TXT record, right?

 

[cheiss]

This seems about right. Seems like bit of a PITA, but DNS-challenge is generally preferred if available (since it also supports e.g. wildcard certificates).

I cannot comment on the Cloudflare-specific details (having never worked with that), but if the API keys are bound to domains (which at least sounds like it), then you have to use separate keys/challenge plugin entries for each domain, yes.