I’m standing up a single-purpose mail server. Yes, I’m a glutton for punishment, but I would benefit from the experience.
Is it possible to use Let’s Encrypt for such a purpose – without having a web server? I guess the verification check would need to talk back over 443? And would the same be necessary for renewing?
So this leads me to think… what if I stood up Apache or Nginx, only opened port 443, and then only allowed connections from the Let’s Encrypt IPs? Would that work?