Nginx for https + Varnish for http fronting Apache


#1

I run a Linux server with Apache handling several virtual domains. Apache is cached with Varnish. As Varnish only handles http, Nginx is used as a proxy fronting Varnish to handle https. The ssl certificates are handled by Nginx and the calls are redirected to port 80 from Varnish to either return a page from the cache or call Apache to generate a new page.

This setup works very smoothly and is simple to maintain with standard issued certificates. I have installed and tried to use Certbot but cannot figure out how to use automatically generated Let’s Encrypt certificates. Port 80 (Varnish) is open on the server but the certificates reside under port 443 (Nginx).

For this setup, can I use Let’s Encrypt?

Kind regards,
Bjoern


#2

Sure. The simplest example might be to use “certbot -a apache -i nginx” to use the apache plugin to authenticate (with HTTP) and then configure Nginx to use the certificate and reload it.

That relies on Certbot being able to parse and modify both your Apache and Nginx configuration files… Maybe it will have no trouble. Maybe there will be small issues you can easily fix.

You might settle on avoiding the apache or nginx plugins, with something like “certbot certonly --webroot --deploy-hook 'service apache2 graceful' -w /var/www/something -d example.org -d www.example.org” to validate without directly interacting with the web servers, leave you to manually configure the certificate, but automatically reload the web server.
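
An added example, not part of the original posts: an Nginx server block for the layout described in #1, using a certificate issued with the webroot method from #2. The hostname example.org, the Varnish address 127.0.0.1:80, and the Nginx reload hook shown in the comment are assumptions.

```nginx
# Constructed example: example.org and all paths are placeholders.
#
# Issue the certificate over the existing port-80 path (Varnish -> Apache).
# /var/www/something must be the directory Apache serves for this domain,
# so that /.well-known/acme-challenge/ files written there are reachable:
#
#   certbot certonly --webroot -w /var/www/something \
#       -d example.org -d www.example.org \
#       --deploy-hook 'service nginx reload'
#
# Assumption: Nginx is the only process that reads the certificate files,
# so the deploy hook reloads Nginx after each successful renewal.

server {
    listen 443 ssl;
    server_name example.org www.example.org;

    # Certbot's default layout: live/<certificate name>/ contains symlinks
    # that are re-pointed on every renewal, so these paths stay constant.
    ssl_certificate     /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;

    location / {
        # Pass the decrypted request to Varnish on port 80
        # (assumed to run on the same host as Nginx).
        proxy_pass http://127.0.0.1:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Running `nginx -t` before the first reload confirms that the certificate paths resolve and the configuration parses.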


#3

For my clarity (and those that may be reading this later):
Are all three programs running on the same system (Apache, NGINX, Varnish)?