Let's Encrypt: Interface binding and port usage

Hi all,

When creating a Let's Encrypt certificate I have to select an interface or an additional IP address of an interface. Interface groups are not selectable.

What is the cause of the selection?

I suggest the interface is used for the communication with the Let's Encrypt servers (because an internal interface was not working).

Further, if on this interface a service with port 80 is configured, the interface is not selectable. Why?

Is there any further documentation?


Thanks, CS

  • Check under Remote Access -> SSL -> Settings which port you are using!

  • CS said:

    When creating a Let's Encrypt certificate I have to select an interface or an additional IP address of an interface. Interface groups are not selectable.

    What is the cause of the selection?

    I suggest the interface is used for the communication with the Let's Encrypt servers (because an internal interface was not working).

    Exactly. The Let's Encrypt certification authority requires some proof that you own the domain names it is requested to issue certificates for. For that purpose the Let's Encrypt server contacts back to the requested domain names with a validation request. By specifying the interface you tell the UTM where it should expect to receive these validation requests.

    CS said:

    Further, if on this interface a service with port 80 is configured, the interface is not selectable. Why?

    The above mentioned validation uses HTTP on port 80, so the UTM needs to make sure it is able to serve validation requests on TCP port 80.

    If you're interested in more technical detail, please search the internet for the ACME protocol. There should be plenty of articles available that go into more detail.

    Best regards,

    mle
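The exchange mle describes is the ACME HTTP-01 challenge: the UTM publishes a "key authorization" (challenge token plus the thumbprint of the account key) at `/.well-known/acme-challenge/<token>` on TCP port 80 of the selected interface, and the Let's Encrypt server fetches it from the outside to prove control of the name. The script below is an added illustration of that round trip and is not Sophos UTM code or Let's Encrypt client code: both sides run on loopback with an ephemeral port instead of 80, the RSA JWK and token values are constructed and not real keys, and `port_is_free` shows the kind of pre-check that makes an interface with a service already on port 80 unselectable.

```python
import base64
import hashlib
import json
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError, URLError
from urllib.request import ProxyHandler, build_opener

CHALLENGE_PATH = "/.well-known/acme-challenge/"


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of an RSA public JWK: SHA-256 over the canonical
    JSON of the required members (e, kty, n), keys sorted, no whitespace."""
    required = {"e": jwk["e"], "kty": jwk["kty"], "n": jwk["n"]}
    canonical = json.dumps(required, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """The body the challenge URL must return: token '.' account-key thumbprint."""
    return f"{token}.{jwk_thumbprint(jwk)}"


class ChallengeHandler(BaseHTTPRequestHandler):
    """Minimal responder for /.well-known/acme-challenge/<token> (the UTM side)."""
    key_auths = {}  # token -> key authorization, filled in by start_challenge_server

    def do_GET(self):
        token = self.path[len(CHALLENGE_PATH):] if self.path.startswith(CHALLENGE_PATH) else None
        body = self.key_auths.get(token)
        if body is None:  # unknown token: nothing to prove, answer 404
            self.send_response(404)
            self.end_headers()
            return
        data = body.encode("ascii")
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_challenge_server(bind_addr: str, port: int, key_auths: dict) -> HTTPServer:
    """Bind the responder to one address (the selected 'interface') and serve in the background."""
    ChallengeHandler.key_auths = dict(key_auths)
    server = HTTPServer((bind_addr, port), ChallengeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def validate_http01(host: str, port: int, token: str, expected: str, timeout: float = 3.0):
    """CA side: fetch the challenge URL and compare the body. Returns (ok, reason)."""
    url = f"http://{host}:{port}{CHALLENGE_PATH}{token}"
    opener = build_opener(ProxyHandler({}))  # ignore proxy environment variables
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode("ascii", "replace").strip()
    except HTTPError as exc:
        return False, f"HTTP {exc.code}"
    except (URLError, OSError) as exc:
        return False, f"unreachable: {exc}"
    if body != expected:
        return False, "key authorization mismatch"
    return True, "ok"


def port_is_free(bind_addr: str, port: int) -> bool:
    """Pre-check behind 'interface not selectable': can this address:port still be bound?"""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((bind_addr, port))
        return True
    except OSError:  # something already listens there, e.g. a web service on port 80
        return False
    finally:
        sock.close()


def demo():
    """Run the exchange on loopback with an ephemeral port standing in for port 80."""
    jwk = {"kty": "RSA", "e": "AQAB", "n": b64url(b"constructed-modulus-not-a-real-key")}
    token = "constructed-token-0123456789"  # constructed; a CA issues a random token
    expected = key_authorization(token, jwk)
    server = start_challenge_server("127.0.0.1", 0, {token: expected})
    host, port = server.server_address[:2]
    try:
        ok, reason = validate_http01(host, port, token, expected)
        busy = not port_is_free(host, port)  # responder holds the port -> not selectable
        wrong_ok, _ = validate_http01(host, port, "unknown-token", expected)  # 404 -> fails
    finally:
        server.shutdown()
        server.server_close()
    return ok, reason, busy, wrong_ok


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three facts behind the forum answer: the validation succeeds only when the responder answers with the exact key authorization, it fails for a token the responder does not know, and while the responder holds the port a second bind to the same address and port is refused, which is why the UTM will not offer an interface that already has a service on port 80.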