From c076ce3ecb345f0d8c10d0bc43f3e54934f26d7f Mon Sep 17 00:00:00 2001
From: Davide Principi <davide.principi@nethesis.it>
Date: Tue, 18 Feb 2025 18:06:20 +0100
Subject: [PATCH] feat: TLS-ALPN-01 challenge requirements

---
 certificates.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/certificates.rst b/certificates.rst
index 48c7e64b..e8e04c57 100644
--- a/certificates.rst
+++ b/certificates.rst
@@ -15,8 +15,10 @@ NethServer 8 can request valid `Let's Encrypt <https://letsencrypt.org/>`_ certi
 
 Requesting Let's Encrypt is possible if the following requirements are met:
 
-1. the server must be reachable from outside on port 80. Make sure your port 80
-   is open to the public Internet (you can check with sites like `CSM <http://www.canyouseeme.org/>`_)
+1. the server must be reachable from outside on port 443. Make sure your port 443
+   is open to the public Internet (you can check with sites like `CSM <http://www.canyouseeme.org/>`_).
+   For nodes installed before the Traefik 3.0.0 release, the same requirement applies to port 80.
+   Starting from new installations of Traefik 3.0.0, only port 443 is required.
 
 2. the domains for which you want the certificate must be public domain
    names associated with the server's own public IP. Make sure you have