josegonzalez
commented
2 years ago I think if someone can figure out how to modify our default maintenance.conf to scope the location block to not include the .well-known path letsencrypt uses, that would work. That said, I don't have enough time to investigate, and I also don't know if its possible without a weird nginx regex.
I think this is expected. Maintenance gives you the ability to take your app completely offline, while showing a proper message (or even a custom page), which means the app cannot communicate with the internet and so the letsencrypt process won't be able to verify that your app is actually running on the domain specified. I don't think there is a way around that. For my app, I had already obtained a certificate while the app was online and when I enabled maintenance, the page was loaded via https without any problems.