diafygi · koyae · Mar 13, 2020
diff --git a/README.md b/README.md
@@ -139,6 +139,8 @@ optional arguments:
   -e EMAIL, --email EMAIL
                         contact email, default is webmaster@<shortest_domain>
   -f, --file-based      if set, a file-based response is used
+  -n PORT_NUMBER, --port-number PORT_NUMBER
+                        port-number to listen for challenges on
 user@hostname:~$
 ```
 

diff --git a/sign_csr.py b/sign_csr.py
@@ -7,7 +7,7 @@
     from urllib2 import urlopen # Python 2
 
 
-def sign_csr(pubkey, csr, email=None, file_based=False):
+def sign_csr(pubkey, csr, email=None, file_based=False, port_number=80):
     """Use the ACME protocol to get an ssl certificate signed by a
     certificate authority.
 
@@ -19,6 +19,13 @@ def sign_csr(pubkey, csr, email=None, file_based=False):
                             hosting should be file-based rather
                             than providing a simple python HTTP
                             server.
+    :param int port_number: The port-number to which traffic recieved
+                            on default port 80 is subsequently routed
+                            for processing e.g. 8080. Not relevant if
+                            file-based approach is being used.
+                            (defaults to 80, indicating no extra
+                            routing to other ports occurs after
+                            packets are received on port 80)
 
     :returns: Signed Certificate (PEM format)
     :rtype: string
@@ -322,10 +329,10 @@ def _b64(b):
 sudo python -c "import BaseHTTPServer; \\
     h = BaseHTTPServer.BaseHTTPRequestHandler; \\
     h.do_GET = lambda r: r.send_response(200) or r.end_headers() or r.wfile.write('{2}'); \\
-    s = BaseHTTPServer.HTTPServer(('0.0.0.0', 80), h); \\
+    s = BaseHTTPServer.HTTPServer(('0.0.0.0', {3}), h); \\
     s.serve_forever()"
 
-""".format(n + 4, i['domain'], responses[n]['data']))
+""".format(n + 4, i['domain'], responses[n]['data'], port_number))
 
             stdout = sys.stdout
             sys.stdout = sys.stderr
@@ -443,10 +450,12 @@ def _b64(b):
 """)
     parser.add_argument("-p", "--public-key", required=True, help="path to your account public key")
     parser.add_argument("-e", "--email", default=None, help="contact email, default is webmaster@<shortest_domain>")
-    parser.add_argument("-f", "--file-based", action='store_true', help="if set, a file-based response is used")
+    group = parser.add_mutually_exclusive_group()
+    group.add_argument("-f", "--file-based", action='store_true', help="if set, a file-based response is used")
+    group.add_argument("-n", "--port-number", default=80, type=int, help="port-number to listen for challenges on")
     parser.add_argument("csr_path", help="path to your certificate signing request")
 
     args = parser.parse_args()
-    signed_crt = sign_csr(args.public_key, args.csr_path, email=args.email, file_based=args.file_based)
+    signed_crt = sign_csr(args.public_key, args.csr_path, email=args.email, file_based=args.file_based, port_number=args.port_number)
     sys.stdout.write(signed_crt)