That would mean we need to have http and https port mappings open (when behind router). Currently we have single port open mode and switch between http and https.
I think we will disable http access completely and have it only for https certificate renewals. This should simplify the logic.
Let's Encrypt has disabled TLS (HTTPS) verification mode and forces clients to switch to HTTP mode: https://community.letsencrypt.org/t/tls-sni-challenges-disabled-for-most-new-issuance/50316
That would mean we need to have http and https port mappings open (when behind router). Currently we have single port open mode and switch between http and https.
I think we will disable http access completely and have it only for https certificate renewals. This should simplify the logic.