Generate TLS certificate on a server that doesn't have ports 80 or 443 available

I would like to switch to https on a server (server A) that does not have ports 80 or 443 accessible from the outside (ports already used by other services on that network). I have read this post that doesn't make sense to me as I do not really master that certificate thing. Could I generate a certificate on another server (server B) that I own and that already has caddy running and on which I have ports 80 and 443 opened, and then install it on server A? I could, if needed, change my DNS records on server B so that a subdomain on server B's domain points to the IP of server A.

Could the ACME TLS-ALPN challenge be an alternative?

Hi @JeanLucLacroix,

The TLS-ALPN challenge is for port 443 - the HTTP challenge is for port 80.

If you can’t have either port, neither challenge will function. You will have to use the DNS challenge.

Alternately, you can cluster Caddy by using redis or consul TLS storage plugins, or simply by sharing the TLS assets folder ($HOME/.caddy) via networked file share. If Server B has Caddy running already, and you cluster it with Caddy on Server A, and Caddy-A requests a certificate, Caddy-B can solve the challenge automatically! (See: https://caddyserver.com/blog/caddy-0_10_12-released#improved-automatic-https-in-a-cluster)


Interesting, I will give it a try. I imagine I can cluster the two servers on sshfs. Can you also develop the procedure for the DNS challenge or point me to a howto just in case the clustering fails?

Have a look at https://caddyserver.com/v1/docs/automatic-https#dns-challenge.
