diff --git a/src/site/markdown/challenge/http-01.md b/src/site/markdown/challenge/http-01.md index 182a0bd1..15c0a174 100644 --- a/src/site/markdown/challenge/http-01.md +++ b/src/site/markdown/challenge/http-01.md @@ -21,6 +21,8 @@ http://${domain}/.well-known/acme-challenge/${token} The challenge is completed when the CA was able to download that file and found `content` in it. +Note that the request is sent to port 80 only. There is no way to choose a different port, for security reasons. This is a limitation of the ACME protocol, not of _acme4j_. + ## Preferred Address If your domain name resolves to multiple IP adresses, you can set an explicit address that the CA server should prefer to send the request to. This address must be included in the set of your domain's IP addresses. diff --git a/src/site/markdown/challenge/tls-sni-01.md b/src/site/markdown/challenge/tls-sni-01.md index 71bf92c0..0b8b2c33 100644 --- a/src/site/markdown/challenge/tls-sni-01.md +++ b/src/site/markdown/challenge/tls-sni-01.md @@ -31,6 +31,8 @@ Now use `cert` and `sniKeyPair` to let your web server respond to a SNI request The challenge is completed when the CA was able to send the SNI request and get the correct certificate in return. +Note that the request is sent to port 443 only. There is no way to choose a different port, for security reasons. This is a limitation of the ACME protocol, not of _acme4j_. + This shell command line may be helpful to test your web server configuration: ```shell diff --git a/src/site/markdown/challenge/tls-sni-02.md b/src/site/markdown/challenge/tls-sni-02.md index 10e724b4..f7979954 100644 --- a/src/site/markdown/challenge/tls-sni-02.md +++ b/src/site/markdown/challenge/tls-sni-02.md 
@@ -33,6 +33,8 @@ Now use `cert` and `sniKeyPair` to let your web server respond to SNI requests t The challenge is completed when the CA was able to send the SNI request and get the correct certificate in return. +Note that the request is sent to port 443 only. There is no way to choose a different port, for security reasons. This is a limitation of the ACME protocol, not of _acme4j_. + This shell command line may be helpful to test your web server configuration: ```shell
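Review bot: In the http-01.md hunk, "for security reasons" in the added sentence states no reason, so a reader cannot tell what the restriction protects against or whether a workaround is safe. Either name the reason in one clause or link to the part of the ACME specification that fixes the port. It would also help to say explicitly that port 80 is the port the CA connects to, and whether a forward or redirect from port 80 to another listener is acceptable, since that is the first question "There is no way to choose a different port" raises. Minor, in the unchanged context just below the addition: "IP adresses" should be "IP addresses".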
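Review bot: In the tls-sni-01.md hunk, "the request" in the added sentence is ambiguous next to the preceding line, which speaks of "the SNI request"; write "the SNI request is sent to port 443 only" so the two sentences clearly refer to the same thing. The new paragraph also lands directly above "This shell command line may be helpful to test your web server configuration:", whose fenced command is outside the visible lines; please confirm that command targets port 443 so the note and the test command do not contradict each other. As in http-01.md, "for security reasons" should state the reason or link to it.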
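Review bot: In the tls-sni-02.md hunk, the added sentence is a verbatim copy of the one added to tls-sni-01.md, and differs from the http-01.md one only in the port number. Three hand-maintained copies of the same protocol statement will drift; consider one short section on validation ports (80 for http-01, 443 for tls-sni-01 and tls-sni-02) that each challenge page links to, keeping only the port number on the individual pages. If the copies stay, the wording points raised for tls-sni-01.md apply here unchanged.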