Mailinglist Archive: opensuse (621 mails)

< Previous Next >
Re: [opensuse] certbot error
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Sat, 08 Jun 2019 20:54:27 +0200
  • Message-id: <qdh093$ega$1@saturn.local.net>
David C. Rankin wrote:

On 06/08/2019 05:22 AM, Dave Howorth wrote:
Thanks, David, and the others who replied. I certainly hope my system
is not reachable over port 80. I run the router in stealth mode and
am concerned that it is still responding to pings and IDENTs.

I didn't realize my system needed to be visible. My whole purpose was
to be able to use HTTPS on my internal network without any external
connections. I suppose I need to do a lot more reading.

You only need port 80 up during cert creation (and then once every 3
months thereafter for update). Once the certs are installed, you can
disable port 80 again.

I use mod rewrite to force all traffic to 443 (which was another layer
of failure I found :)

I always add this condition:

RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge



--
Per Jessen, Zürich (18.4°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups