I’m mainly wanting to use the cert for email.
Got it installed on a test RasPi. Plan on moving it over once I feel comfy.
I do not run a web server here (at least internet facing) So I need to poke a hole or two in the firewall. Not wanting to leave them open, is there an option to renew without having a web server running?
I could probably script something up. (rather not)
I had installed them with the --standalone option if that matters.
The --standalone option does not require a web server running, but it does require the ability to connect to port 443 or port 80. If you don’t want that, you should use the DNS-01 authentication method (probably with a bash-based client rather than Certbot, due to better support in those clients).