From 659df6967ea3dae1912bd82ab0d35c282838f4ac Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Tue, 17 Nov 2015 16:17:43 -0700
Subject: [PATCH] letsencrypt: Don't assume default port of 443
---
 caddy/letsencrypt/letsencrypt.go | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/caddy/letsencrypt/letsencrypt.go b/caddy/letsencrypt/letsencrypt.go
index 7de0ac8d..0ac36f02 100644
--- a/caddy/letsencrypt/letsencrypt.go
+++ b/caddy/letsencrypt/letsencrypt.go
@@ -218,7 +218,7 @@ func existingCertAndKey(host string) bool {
 // disk (if already exists) or created new and registered via ACME
 // and saved to the file system for next time.
 func newClient(leEmail string) (*acme.Client, error) {
- return newClientPort(leEmail, exposePort)
+ return newClientPort(leEmail, "")
 }

 // newClientPort does the same thing as newClient, except it creates a
@@ -469,14 +469,10 @@ var (

 // Some essential values related to the Let's Encrypt process
 const (
- // The port to expose to the CA server for Simple HTTP Challenge.
- // NOTE: Let's Encrypt requires port 443. If exposePort is not 443,
- // then port 443 must be forwarded to exposePort.
- exposePort = "443"
-
- // If port 443 is in use by a Caddy server instance, then this is
- // port on which the acme client will solve challenges. (Whatever is
- // listening on port 443 must proxy ACME requests to this port.)
+ // alternatePort is the port on which the acme client will open a
+ // listener and solve the CA's challenges. If this alternate port
+ // is used instead of the default port (80 or 443), then the
+ // default port for the challenge must be forwarded to this one.
 alternatePort = "5033"

 // How often to check certificates for renewal.
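Review bot: The empty string now passed to `newClientPort` from `newClient` is an undocumented sentinel. Nothing in this hunk states that `""` means "use the challenge's default port", and newClientPort's body lies outside the hunk, so its handling of the value cannot be confirmed here. I would add a line to newClient's doc comment, e.g. `// The client solves challenges on the challenge type's default port; use newClientPort to override it.` It is also worth confirming that newClientPort never builds a listen address from the raw value (something like `":" + port`), because an empty port there would typically bind an arbitrary port rather than fail.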
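Review bot: The rewritten comment on `alternatePort` tells operators to forward the challenge's default port (80 or 443) to 5033 but omits two details they need to set that up safely. It does not say which address the listener binds to, and it does not mention that 5033 is an unprivileged port, so any local process can bind it whenever Caddy's own listener is not open. I would append something like `// NOTE: this is an unprivileged port; forward to it only on hosts where no untrusted local process can bind it, and only to the loopback/own address.` Which challenge type maps to which default port would also help, if that is decided in code not shown here. The const block continues past the end of the hunk.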