[IDEA] TrueNAS Scale NGINX App Improvement

Currently, you need ports 80 and 443 open and redirected to the TrueNAS server to get a TLS certificate for a website when using the ACME challenge on the NGINX app. For people that only need a certificate to be used internally, this creates unnecessary effort to create and keep the certificate renewed, as this setup does not want external access to the websites. This project below can complete the certbot check without needing to have the ports open. It would be useful to update the app so it is done this way instead.

This is simply and utterly incorrect. NPM fully supports the DNS challenge, which doesn’t require any ports forwarded to it.

I guess I misunderstood what occurred when I clicked to create a certificate and it was taking a long time. I had set it to a 120-second timeout. I opened the ports and it finished within 10 seconds of the ports opening.

This is good to hear, so I don’t have to worry about certificates timing out as it can auto-renew.

Without knowing specifics about what you did, it isn’t possible to say where specifically you went wrong. If you didn’t tell NPM to use the DNS challenge, then yes, you’d need ports 80/443 open from the public Internet to your NPM instance in order to get the cert–and from the fact that opening them “fixed” the issue, it appears this was your error.

But, again, if you use the DNS challenge, which I walked through in detail in the link I shared (and NPM supports dozens of DNS hosts), you don’t need to have any ports open.

That guide is essentially what I did, so thank you for the help.