Hi; I actually ended up figuring out how to do this for my own thing. NFSN's provided tls-setup script expects the /home/public/.well-known directory to be served up at /.well-known on your site, and that's the main thing (as far as I can tell) that makes it not work well for custom daemons. For my thing, I happened not to need all of / to be proxied to node, so I set up more focused proxies to the specific subpaths I needed, and used the "Apache 2.4 Generic" site setting so that their included servers would serve up the well-known directory. I suspect that it'd be possible to get this to work with anything so long as that directory serves up files as expected so that the ACME challenges can go through.
Hi; I actually ended up figuring out how to do this for my own thing. NFSN's provided tls-setup script expects the /home/public/.well-known directory to be served up at /.well-known on your site, and that's the main thing (as far as I can tell) that makes it not work well for custom daemons. For my thing, I happened not to need all of / to be proxied to node, so I set up more focused proxies to the specific subpaths I needed, and used the "Apache 2.4 Generic" site setting so that their included servers would serve up the well-known directory. I suspect that it'd be possible to get this to work with anything so long as that directory serves up files as expected so that the ACME challenges can go through.
Thanks so much for this note Ian! Seriously... it's called the ./well-known directory? Lmao.
I'll update the post with a note for others who are looking. Thanks again!