I'm using the Python wsgiref module with the simple server to run an application. How do I configure Let's Encrypt to be able to run the application on HTTPS?
It's usually best to run WSGI applications behind another webserver, like nginx or Apache.
You can configure nginx to proxy requests to your WSGI application.
There are two big benefits to doing so:
You can restart your webserver and renew your certificate without having to kill your entire Python application
You can benefit from software like Certbot being able to automatically configure nginx with an SSL certificate.
That said, it's usually possible to add some code that will make your Python application serve HTTPS traffic directly, but you will need to check the API documentation of wsgiref for that.
Certbot does not support WSGI servers directly. You will have to do the following to obtain a LetsEncrypt certificate, and then install it into your Python application:
Run Certbot in standalone mode on Port 80
Run Certbot in standalone mode on a higher port, proxy traffic to /.well-known/acme-challenge/ on Port 80 to the higher port
My personal preference is to run Python applications on uWSGI+nginx, terminate SSL on nginx, have nginx proxy the well-known traffic to a higher port so Certbot can obtain/renew certificates, and use Certbot hooks to issue a graceful restart to nginx. That results in zero downtime and one of the fastest and most memory-efficient Python deployments.
For security reasons, Linux doesn't allow access to port 80, not even to answer HTTP requests (for security reasons). To work around this I had to use an iptables redirection rule to send the HTTP requests from port 80 to another port. How would I configure Certbot in this case?
The --http-01-port=x flag will let Certbot listen for requests on a higher port, x. You still need to route Port 80 traffic to x, as LetsEncrypt requires a request/response on Port 80. If you can't do that, the DNS-01 challenge should be used.
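The thread mentions that a wsgiref application can serve HTTPS directly once Certbot has obtained a certificate. The sketch below is an added example, not code from any poster in the thread. It assumes Certbot's default `/etc/letsencrypt/live/<domain>/` layout with `example.com` as a placeholder domain, and port 8443 as an arbitrary unprivileged port.

```python
import ssl
from wsgiref.simple_server import make_server

# Assumption: Certbot's default output directory; example.com is a placeholder.
LIVE_DIR = "/etc/letsencrypt/live/example.com"


def app(environ, start_response):
    """Minimal WSGI application standing in for the real one."""
    body = b"hello over TLS\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def tls_context(certfile=None, keyfile=None):
    """Build a server-side TLS context; load the cert chain when paths are given."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    if certfile:
        # fullchain.pem holds the leaf certificate plus intermediates;
        # serving cert.pem alone breaks clients that lack the intermediate.
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def make_https_server(wsgi_app, host, port, ctx):
    """Create the wsgiref server and wrap its listening socket with TLS."""
    httpd = make_server(host, port, wsgi_app)
    # Accepted connections inherit the context; the handshake runs in accept().
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    return httpd


if __name__ == "__main__":
    # privkey.pem is readable by root only by default, so the account running
    # the application needs read access to it.
    ctx = tls_context(f"{LIVE_DIR}/fullchain.pem", f"{LIVE_DIR}/privkey.pem")
    make_https_server(app, "0.0.0.0", 8443, ctx).serve_forever()
```

The context reads the certificate once at startup, so the process has to be restarted (or the context rebuilt) after each renewal. Because the handshake runs inside `accept()` on a single-threaded server, one stalled client delays every other request.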