The content listed below is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Let’s Encrypt without port 80

To obtain a Let’s Encrypt certificate, you have to prove that you control the domain name(s) the certificate will cover. The simplest and most common way to do this involves placing a special file at a special URL on your website, which Let’s Encrypt then checks by making an HTTP request to your server on port 80. Most popular ACME clients such as Certbot can easily automate this domain validation method.

Unfortunately, this doesn’t work in the case where port 80 is closed.

Alternatives to SSH agent forwarding

SSH has a handy feature called agent forwarding that allows you to log in to a remote server and use the keys loaded into your local ssh-agent as if they were on the server. Unfortunately, this useful feature has a downside: it’s not safe to use on servers you don’t trust. Here are some alternatives.

Sandboxing outgoing email

While you’re testing email functionality on a website, you don’t want to accidentally send out mails to all your (or your clients’) end users! There are a few ways to prevent this. Here’s the simplest one I’ve found so far. It allows you to redirect all outgoing email from PHP to a local user (you, for example), so that you can read it with any ordinary mail client. You can also redirect to any arbitrary external email address you own.