On a macOS Server, Apache is a major workhorse, also for Server admin stuff. If I want to protect these with letsencrypt certs I need to expose this whole admin stuff to the outside world, and I’d rather not. So — and I know this is more an Apache question, but I suspect the know how is really here — I would like to configure my Apache to only accept outside traffic for
http://mydomain.tld/.well-known/acme-challenge while allowing any other URL for my
domain.tld only to be accepted when the request comes from the local net. This would effectively restrict outside access to letsencrypt, thus enabling the use of letsencrypt certs without exposing the whole admin interface to the outside world.
Another option would be to have everything that comes from the outside be served from a different directory on my server.
Can someone tell me how to do this?