If you manually need to open port 80 for renewing the certificate(s), you will have more work in the future.
If you renew the certificate via cronjob, you will need a shorter interval, depending on:
It starts on May 13, 2026: Anyone who wishes can order certificates with a validity of 45 days from that day onwards, and must use the optional certificate profile “tlsserver” for this. On February 10, 2027, the validity for all newly issued certificates will then initially drop to 64 days, and a little over a year later, on February 16, 2028, to 45 days.
You don’t have to. Just leave port 80 open and set up a permanent rewrite/redirect from port 80 to port 443 in the web server.
Or you could use the DNS challenge (assuming you have a DNS provider with API access).
The ACME protocol was designed with automation in mind from the beginning. Manual interaction to renew certificates has never been necessary since it was introduced, and anyone who has set up automation will not notice these changes, regardless of whether the certificates are renewed every 45 days, 10 days, or every day.
Yeah, I have automated the process of the certification renewal with Let’s Encrypt via PowerShell-Script + Posh-Acme. It’s possible and makes your life easy because you don’t care if your certificate is only valid for 45 days or less. Everybody should consider automating the process completely with ACME + DNS.
My posting about opening port 80 was dedicated to those users in the forum, who keep port 80 closed. - I’ve port 80 permanently open and redirect it to 443 on my Nextcloud server.
My Hansson-IT Nextcloud VM monthly renews the certificates via cronjob.
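To make the point about cron intervals concrete, here is an added example (not part of any post in this thread) that counts how many cron runs get a chance to renew a certificate before it expires, for the validity periods quoted above. The renew-when-one-third-of-the-lifetime-is-left policy, the 31/7/1-day intervals and the function names are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Validity periods in days: today's 90, then the 64 and 45 quoted in the thread.
VALIDITIES = (90, 64, 45)


def parse_openssl_date(text):
    """Parse a notBefore=/notAfter= line from `openssl x509 -noout -dates`."""
    stamp = text.strip().split("=", 1)[-1]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(stamp), timezone.utc)


def due_for_renewal(not_before, not_after, now, divisor=3):
    """True once at most 1/divisor of the lifetime is left (assumed policy)."""
    return not_after - now <= (not_after - not_before) / divisor


def renewal_attempts(validity_days, cron_every_days, divisor=3):
    """Days of validity left at each cron run that would try to renew.

    Assumes the certificate was issued by the job's previous successful run,
    so later runs fall at multiples of the cron interval after issuance.
    An empty list means the certificate expires before any run renews it.
    """
    issued = datetime(2028, 3, 1, tzinfo=timezone.utc)  # constructed date
    expires = issued + timedelta(days=validity_days)
    left = []
    for day in range(cron_every_days, validity_days, cron_every_days):
        now = issued + timedelta(days=day)
        if due_for_renewal(issued, expires, now, divisor):
            left.append(validity_days - day)
    return left


if __name__ == "__main__":
    for validity in VALIDITIES:
        for every in (31, 7, 1):  # monthly (longest month), weekly, daily
            tries = renewal_attempts(validity, every)
            print(f"{validity}-day cert, cron every {every:2d} d: "
                  f"{len(tries)} attempt(s), first with "
                  f"{tries[0] if tries else 0} d left")
```

With a monthly job every validity period leaves exactly one attempt, and for 64-day certificates that attempt comes with only 2 days of validity left, so a single failed run means an expired certificate; a daily job keeps 15 attempts even at 45 days.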