Hello friends,
I installed a Lets encrypt certificate on my Nethserver today. As described in the instructions, I have opened the port 80 in the FW. Does port 80 have to stay open from now on, or can I close it again? I do not like having the server open on the WAN. The certificate has been installed and it works fine as well.
Edit: Another option would be to run your own acme-dns instance. This takes a bit more setup, but you can do it with just about any DNS host. This trades one exposure for another–instead of port 80 being open to the world, it’s port 53. See here: