diff --git a/README.md b/README.md
index af4deaf0c985f6b12b37094ef461a7411d1dc16c..ef6aa36cb94fc1d2a98b3a477552bec3f5d2c6bb 100644
--- a/README.md
+++ b/README.md
@@ -186,6 +186,8 @@ connection = "acme-dns.db"
 [api]
 # domain name to listen requests for, mandatory if using tls = "letsencrypt"
 api_domain = ""
+# autocert HTTP port, eg. 80 for answering Let's Encrypt HTTP-01 challenges. Mandatory if using tls = "letsencrypt".
+autocert_port = "80"
 # listen port, eg. 443 for default HTTPS
 port = "8080"
 # possible values: "letsencrypt", "cert", "none"
@@ -214,6 +216,7 @@ header_name = "X-Forwarded-For"
 ```
 
 ## Changelog
+- v0.3 Changed autocert to use HTTP-01 challenges, as TLS-SNI is disabled by Let's Encrypt
 - v0.2 Now powered by httprouter, support wildcard certificates, Docker images
 - v0.1 Initial release
 
diff --git a/config.cfg b/config.cfg
index 3996c611aded884b6252035648cd6e5375aae7b6..f8e91460a7c925eab665217d3e34f47b0add79d3 100644
--- a/config.cfg
+++ b/config.cfg
@@ -36,6 +36,8 @@ connection = "/var/lib/acme-dns/acme-dns.db"
 api_domain = ""
 # listen ip eg. 127.0.0.1
 ip = "0.0.0.0"
+# autocert HTTP port, eg. 80 for answering Let's Encrypt HTTP-01 challenges. Mandatory if using tls = "letsencrypt".
+autocert_port = "80"
 # listen port, eg. 443 for default HTTPS
 port = "80"
 # possible values: "letsencrypt", "cert", "none"
diff --git a/main.go b/main.go
index 036818b3cb0d0abec2e94f2d01f8eb607dd47760..d1cbbd13965e5e1b66393dc25443c6dbd8efe308 100644
--- a/main.go
+++ b/main.go
@@ -83,6 +83,9 @@ func startHTTPAPI() {
 			Prompt:     autocert.AcceptTOS,
 			HostPolicy: autocert.HostWhitelist(Config.API.Domain),
 		}
+		autocerthost := Config.API.IP + ":" + Config.API.AutocertPort
+		log.WithFields(log.Fields{"autocerthost": autocerthost, "domain": Config.API.Domain}).Debug("Opening HTTP port for autocert")
+		go http.ListenAndServe(autocerthost, m.HTTPHandler(nil))
 		cfg.GetCertificate = m.GetCertificate
 		srv := &http.Server{
 			Addr:      host,
@@ -90,7 +93,7 @@ func startHTTPAPI() {
 			TLSConfig: cfg,
 			ErrorLog:  stdlog.New(logwriter, "", 0),
 		}
-		log.WithFields(log.Fields{"host": host, "domain": Config.API.Domain}).Info("Listening HTTPS autocert")
+		log.WithFields(log.Fields{"host": host, "domain": Config.API.Domain}).Info("Listening HTTPS, using certificate from autocert")
 		log.Fatal(srv.ListenAndServeTLS("", ""))
 	case "cert":
 		srv := &http.Server{
diff --git a/types.go b/types.go
index 961de479bc121a473abe43e3f39d0e34b9f13cb9..1f5c42019553cc9eae4f64f11b4999d73d8d29f0 100644
--- a/types.go
+++ b/types.go
@@ -52,6 +52,7 @@ type dbsettings struct {
 type httpapi struct {
 	Domain           string `toml:"api_domain"`
 	IP               string
+	AutocertPort     string `toml:"autocert_port"`
 	Port             string `toml:"port"`
 	TLS              string
 	TLSCertPrivkey   string `toml:"tls_cert_privkey"`