Great writeup, thanks! Just a small clarification which took me a while to grok: The certbot script will temporarily launch a server to answer the ACME ownership challenge on port 8000 (as specified by --http-01-port 8000). That's why we're forwarding to 127.0.0.1:8000.
That's a great point. I'll clarify that. (And I realize now that normally when I read dev.to I'm not logged in and I missed notifications, oops).