I have set up certbot on Ubuntu and successfully created my certificate with --standalone. The same system may later use other certs for other FQDNs that end up on it as well.
I have added traefik v2.9 to this system. Traefik listens on ports 80 and 443. I have configured traefik with a 'file provider' so that it uses the separately certbot-created certificate. This works.
Some of the services on this system will not be managed via traefik, so I want to keep cert management and traefik separate: use certbot to manage the certs and have traefik use some of them.
The certs renewal config looks like this:
[renewalparams]
account = [snip]
pref_challs = http-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = standalone
Now, I think that if traefik is running on port 80, certbot will not be able to renew because traefik is already listening on that port. What is the best way to solve this conundrum? One way is of course to have traefik not listen on port 80 and purely work on 443. Another might be to have traefik catch .well-known/acme-challenge/ on port 80, serve the contents, and use certbot with webroot, maybe?
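The second option sketched above (traefik forwards only /.well-known/acme-challenge/ on port 80 to a small backend, certbot writes tokens with --webroot) needs something that actually serves the token files, since traefik does not serve static files itself. The following is an added example written for this question, not code from the original post or from the traefik or certbot projects. It assumes a hypothetical webroot of /var/www/acme and a backend port of 8402; both are arbitrary choices. The traefik router shown in the docstring is likewise an assumed file-provider fragment.

```python
"""Minimal ACME http-01 challenge backend to sit behind Traefik on port 80.

Assumed (hypothetical) Traefik dynamic config, file provider, that routes
only the challenge path on the `web` entrypoint to this process:

  http:
    routers:
      acme:
        entryPoints: ["web"]
        rule: "PathPrefix(`/.well-known/acme-challenge/`)"
        service: acme
    services:
      acme:
        loadBalancer:
          servers:
            - url: "http://127.0.0.1:8402"

certbot then places tokens with (assumed paths/names):
  certbot certonly --webroot -w /var/www/acme -d example.com
and subsequent `certbot renew` runs use the webroot authenticator, so
nothing ever needs to bind port 80 while Traefik holds it.
"""
import os
import re
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# ACME tokens are unpadded base64url (RFC 8555 section 8.3); nothing else
# is a legitimate file name under the challenge directory.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def resolve_challenge(webroot, url_path):
    """Map a request path to <webroot>/.well-known/acme-challenge/<token>.

    Returns the absolute file path, or None when the request is not a
    well-formed challenge lookup. Accepting only a single base64url token
    rejects traversal ("..", nested paths) and stops the backend from
    serving anything else that happens to live in the webroot.
    """
    if not url_path.startswith(CHALLENGE_PREFIX):
        return None
    token = url_path[len(CHALLENGE_PREFIX):]
    if not TOKEN_RE.match(token):
        return None
    return os.path.join(os.path.abspath(webroot),
                        ".well-known", "acme-challenge", token)


def read_challenge(webroot, url_path):
    """Return the token file contents as bytes, or None if absent/invalid."""
    path = resolve_challenge(webroot, url_path)
    if path is None or not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


class ChallengeHandler(BaseHTTPRequestHandler):
    webroot = "/var/www/acme"  # assumed webroot, matches the -w argument above

    def do_GET(self):
        # Strip any query string; certbot/Let's Encrypt never send one here.
        body = read_challenge(self.webroot, self.path.split("?", 1)[0])
        if body is None:
            self.send_response(404)
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(webroot, host="127.0.0.1", port=8402):
    """Bind on loopback only; Traefik is the one exposed on port 80."""
    ChallengeHandler.webroot = webroot
    HTTPServer((host, port), ChallengeHandler).serve_forever()


if __name__ == "__main__":
    serve(sys.argv[1] if len(sys.argv) > 1 else ChallengeHandler.webroot)
```

Because the backend binds 127.0.0.1 and answers only exact token names, the only thing reachable through the port 80 router is the challenge directory; everything else on port 80 can stay a redirect to 443 in Traefik. The certbot side keeps its own renewal config (authenticator = webroot instead of standalone), so certbot and Traefik remain independent as intended.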