I do not get the port 80 thing with Let’s Encrypt.
All efforts of Let’s Encrypt to make the web secure by encouraging the use of SSL lead in the long run to a web which runs only on SSL. When a webserver still uses port 80, it is only for redirecting to port 443.
In order to make your webserver more secure, best practice would be not to offer port 80 at all. Then false URLs lead to nowhere, and no session cookies will be transmitted unencrypted due to errors in linking or redirecting.
Unfortunately, it is Let’s Encrypt which expects the site owner to open port 80 and let the webserver use it. If he does not, he cannot use Let’s Encrypt at all.
I think this is a problem.
If the reason is a chicken-and-egg problem, in order to be able to communicate before a cert is signed, why not use 443 anyway and ignore at that stage whether the cert is valid or not? This would be a parallel to communicating over port 80, where no cert is needed.
When I search the web for this topic, it seems as if I am not the only one who is running webservers without port 80 at all. IMHO this is the future, and it is not useful to carry a load which is not needed at all.
So it would be great if this issue were solved in the near future.