Hi @Groodle
read
and
Result:
If you want to create a certificate, your ACME client must be able to talk with Letsencrypt servers.
There https is used -> local initiated outbound port 443 is required (and answers, but that’s firewall specific).
The port 80 requirement is challenge type specific.
If you want to use http validation, inbound port 80 and a working webserver is required. If that webserver redirects to https, then inbound https is required.
If you use dns validation, no incoming port 80 / 443 is required.