To avoid using port 80, the only challenge mode left is TLS-ALPN-01. (WRONG! We still have DNS validation. Seems like my knowledge base is a bit outdated. But at least this is a cute little automated method.) The process involves:
- A self-signed SSL certificate and key pair.
- An ALPN challenge responder.
- A certificate request initiator.

```sh
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ssl-cert-snakeoil.key -out ssl-cert-snakeoil.pem
```
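
As an added example (not part of the original post), this Python sketch shows what an ALPN challenge responder has to present under RFC 8737 and what the CA checks for: the `acme-tls/1` ALPN protocol, a single matching SAN, and a critical acmeIdentifier extension holding the SHA-256 of the key authorization. The account JWK, token, domain and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

ACME_TLS_ALPN = "acme-tls/1"                 # ALPN protocol ID defined by RFC 8737
ACME_IDENTIFIER_OID = "1.3.6.1.5.5.7.1.31"   # id-pe-acmeIdentifier
REQUIRED_JWK_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint: SHA-256 over required members only, sorted, no whitespace."""
    members = {k: jwk[k] for k in REQUIRED_JWK_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def key_authorization(token, account_jwk):
    """Key authorization = challenge token + '.' + account key thumbprint."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def acme_identifier_value(key_authz):
    """DER OCTET STRING (tag 0x04, length 0x20) wrapping SHA-256(key authorization)."""
    return b"\x04\x20" + hashlib.sha256(key_authz.encode()).digest()

def check_response(domain, key_authz, alpn, san_dns_names, ext_value, ext_critical):
    """Return the reasons a validator would reject the presented certificate."""
    problems = []
    if alpn != ACME_TLS_ALPN:
        problems.append("ALPN protocol is not acme-tls/1")
    if [n.lower() for n in san_dns_names] != [domain.lower()]:
        problems.append("SAN must hold exactly one dNSName equal to the domain")
    if not ext_critical:
        problems.append("acmeIdentifier extension is not marked critical")
    if not hmac.compare_digest(ext_value, acme_identifier_value(key_authz)):
        problems.append("acmeIdentifier digest does not match the key authorization")
    return problems

# Constructed sample values (not a real account key or token).
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus", "alg": "RS256"}
SAMPLE_TOKEN = "constructed-token-0001"

if __name__ == "__main__":
    ka = key_authorization(SAMPLE_TOKEN, SAMPLE_JWK)
    print(ACME_IDENTIFIER_OID, acme_identifier_value(ka).hex())
    print(check_response("example.org", ka, ACME_TLS_ALPN, ["example.org"],
                         acme_identifier_value(ka), True))
```

A certificate without the acmeIdentifier extension, such as a plain self-signed one, fails the last two checks, which is why the responder must build a challenge-specific certificate for each validation.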