There is this Q&A at https://docs.nextcloudpi.com/en/faq/faq/ about setup Let’s Encrypt with blocked ports.
" How do I set up Let’s Encrypt with blocked ports?
If you only have port 443 available, you can use the following workaround: copy that code and after that try again from the web interface or nextcloudpi-config
Is it correct to put letsencrypt.sh to /usr/local/etc/nextcloudpi-config.d ?
How does the WebUI know that there is a work around script n nextcloudpi-config.d?
I did not find letsencrypt.sh in /usr/local/bin/ncp/SECURITY but found it under /usr/local/bin/NETWORKING. After I put the file there and clicked letsencrypt on the dashboard. I got:
[ letsencrypt ] (Tue Jul 14 09:36:04 PDT 2020)
/usr/local/bin/ncp/NETWORKING/letsencrypt.sh: line 48: /etc/letsencrypt/letsencrypt-auto: No such file or directory
Just had a look at that code, it just installs the packages, it does not actually get a certificate, so its location /usr/local/etc/nextcloudpi-config.d/letsencrypt.sh is probably correct.
Because my installation doesn’t have nextcloudpi-config.d, I put letsencrypt.sh in /usr/local/etc/ncp-config.d . When I clicked “letsencrypt” on the Web UI, it still used the http-01 challenge. There is no difference if I ran /usr/local/etc/ncp-config.d/letsencrypt before I invoked letsencrypt from the dashboard.