Feature Idea: Auto Firewall for Certificates

[jakkuh]

I really love the ACME certificate functionality, but I also like to keep my servers locked down with a pretty aggressive firewall. With that in mind, it would be super cool to add an option in the certificate settings to automatically toggle a specified rule or create its own firewall rule that opens ports 80/443 on renewal so that it completes successfully.

Really not a super urgent thing in any way, but it would be a nice QOL improvement.

 

[tom]

Or use DNS validation.

https://community.letsencrypt.org/t...egrate-with-lets-encrypt-dns-validation/86438

 

[are]

Not possible since domains are in registry not supporting API. So you can't renew automatically (with DNS validation) and fetch cert/key into proxmox.

Allowing 80/443 on firewall for time of renewal validation would be good option and would solve the problem.