Blocked ports 80/443 prevent DERP server SSL automation via HTTP-01 challenge
critical | configuration | Updated Mar 2, 2026 (via Exa)
How to detect:
When a VPS provider or ISP blocks ports 80 and 443, the Let's Encrypt HTTP-01 challenge fails with a 'no viable challenge type found' error, preventing automatic SSL certificate acquisition for the DERP server.
Recommended action:
Switch to the DNS-01 challenge using the Cloudflare API: create a Cloudflare API token with Edit zone DNS permissions, install certbot with the dns-cloudflare plugin in a Python venv, store the token in /root/.secrets/cloudflare.ini with chmod 400, and run certbot with --dns-cloudflare and --dns-cloudflare-propagation-seconds 60.
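The steps above as a shell script, added here as an example and not part of the original entry. The venv path /opt/certbot, the hostname derp.example.com, and the RUN_SETUP and DRY_RUN switches are assumptions; the token is read from stdin so it never appears on a command line.

```shell
# Added example. Assumed names: VENV, DERP_DOMAIN, RUN_SETUP, DRY_RUN.
VENV="${VENV:-/opt/certbot}"                      # assumed venv location
CREDS="${CREDS:-/root/.secrets/cloudflare.ini}"   # path from the entry above
DERP_DOMAIN="${DERP_DOMAIN:-derp.example.com}"    # placeholder hostname

# Read the API token from stdin (keeps it out of argv and shell history) and
# store it owner-read-only, in the ini format the dns-cloudflare plugin reads.
write_cf_credentials() {
    local path="$1" token=""
    IFS= read -r token || true
    [ -n "$token" ] || { echo "empty token on stdin" >&2; return 1; }
    (
        umask 077 &&                    # never world-readable, even briefly
        mkdir -p "$(dirname "$path")" &&
        rm -f "$path" &&                # replace any earlier read-only copy
        printf 'dns_cloudflare_api_token = %s\n' "$token" > "$path"
    ) || return 1
    chmod 400 "$path"
}

# True only if the file is accessible by its owner alone (GNU stat, Linux).
creds_mode_ok() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

# Request the certificate over DNS-01; nothing listens on ports 80/443.
# DRY_RUN=1 prints the command instead of running it.
issue_cert() {
    ${DRY_RUN:+echo} "$VENV/bin/certbot" certonly \
        --dns-cloudflare \
        --dns-cloudflare-credentials "$CREDS" \
        --dns-cloudflare-propagation-seconds 60 \
        -d "$DERP_DOMAIN"
}

main() {
    [ -f "$CREDS" ] || write_cf_credentials "$CREDS" || return 1
    creds_mode_ok "$CREDS" || { echo "unsafe permissions on $CREDS" >&2; return 1; }
    python3 -m venv "$VENV" &&
    "$VENV/bin/pip" install certbot certbot-dns-cloudflare &&
    issue_cert
}

# Nothing runs unless explicitly requested: RUN_SETUP=1 sh script.sh < token.txt
if [ "${RUN_SETUP:-0}" = 1 ]; then main; fi
```

Run it once with DRY_RUN=1 to review the exact certbot command before requesting a certificate.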