Possible to SSH forward port and get letsencrypt?

Hi, this is rather complicated for me so I’d like some advice.

There seem to be some problems: either my ISP is blocking port 80, or the firmware on my router is acting up and not port forwarding properly.

I can access my nextcloud from any port BUT 80 from outside my LAN. But I’d still like to have HTTPS with SSL from letsencrypt. I know that I could use a TXT record for my ddns but that costs money.

I instead want to SSH forward port 8080 to port 80 on my server, letting my server use port 80 (which enables letsencrypt possibilities) while I still access my server from outside my LAN on port 8080.
[Some documentation on this: https://www.ssh.com/ssh/tunneling/example]

Is this possible and how would I set up my nextcloud to work in this configuration?

Any advice is welcome! Thank you all!

Default https port is 443. Can you use it?

So you run your server at home and want to reach it "from the outside"?
The ssh-tunnel seems kind of dubious to me, because if your router's firmware "acts up" when port-forwarding, it's not likely to have a full-featured, reliable ssh-server.
Why don't you run your whole setup on a different (additional) port? Set up apache to (additionally) listen on port 81, for example. To reach your nc-install from the outside you then only have to add the port, e.g. http://my.home.ip:81/nextcloud
I also think it's possible that your router has a webif (web interface) that runs on port 80 and access to that is blocked from the outside. You could run something like openwrt that is better configurable and has iptables.
GOOD LUCK!

How so? Cloudflare provides DNS hosting for free, and even has an API that ACME clients can use to set the challenge records (and delete them after they’ve been validated). I’m sure other DNS hosts can be used as well, but I’ve been using Cloudflare for this purpose for several months without any trouble (I’m moving toward my own DNS server using acme-dns, but that’s a separate issue).

But to your question: no, a port forward (be it via SSH or otherwise) from 8080 on the outside to 80 on your Nextcloud instance won't do the job for Let's Encrypt validation. They must be able to connect on port 80, or see an appropriate TXT record.

Thank you for all the information! I’ll look into it.

You are correct as to my intentions. And yes, it's a bit dubious. I think I will look into TXT records a bit more.