I am running a few servers that are secured with Letsencrypt and was struggling with how to get auto-renew working. I finally figured out what seems to trip it up: All my servers run https only and it appears that the auto-renew fails unless it can connect on port 80.
Is this observation correct? And if so, how do I work around it? I don’t like leaving port 80 open at all on any of these servers.