I've successfully set up a server to use Let's Encrypt, employing DNS records via Cloudflare. Publishing DNS entries on Cloudflare entails running HTTPS requests to an API at Cloudflare.
My initial enrollment worked, because I set up HTTP_PROXY and HTTPS_PROXY in the environment of my shell. But when I then subsequently try forcing a renewal, it fails, because of HTTPS connectivity issues.
What's the cleanest way to make certbot use a proxy for outgoing HTTP requests? I could write a script which exports the HTTP(S)_PROXY variables and then do the renewal. But I'm thinking there might be a cleaner way, perhaps using some config parameter in Certbot?