I just started using FreedomBox and wanted to use it in my LAN only, at least for the first few months. But when I went to add a Let's Encrypt certificate to my instance, I found that the only supported challenge is HTTP-01, which forces me to expose port 80 to the world.
On the other hand, I do have a few Home Assistant instances in my LAN and they do their Let's Encrypt + DuckDNS seamlessly, without ever asking for a port-forward. So I went to examine how that is done, and it’s done by using the [DNS-01] challenge and DuckDNS’ custom API URL that enables one to add a TXT record on the fly.
Hence, I would like to suggest a feature expansion for FreedomBox’s existing Let's Encrypt implementation: an option to use the DNS-01 challenge with a custom URL.
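
The DNS-01 flow described above, as an added example that is not part of the original post and not FreedomBox or Home Assistant code: it derives the TXT value defined in RFC 8555 section 8.4 and builds the DuckDNS update request that publishes it, using outbound HTTPS only. The subdomain `myhome`, the all-zero API token and the challenge values are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import hashlib
import re
from urllib.parse import urlencode
from urllib.request import urlopen

DUCKDNS_UPDATE = "https://www.duckdns.org/update"


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(token "." thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def duckdns_txt_url(subdomain: str, api_token: str, txt: str = "", clear: bool = False) -> str:
    """Build the DuckDNS update URL that sets (or, with clear=True, removes) the TXT record."""
    params = {"domains": subdomain, "token": api_token, "txt": txt}
    if clear:
        params["clear"] = "true"
    return f"{DUCKDNS_UPDATE}?{urlencode(params)}"


def redact(url: str) -> str:
    """The API token travels in the query string, so mask it before logging the URL."""
    return re.sub(r"(?<=[?&]token=)[^&]*", "***", url)


def publish(url: str, fetch=None) -> bool:
    """Send the update (outbound request only); DuckDNS answers OK or KO."""
    fetch = fetch or (lambda u: urlopen(u, timeout=10).read().decode())
    return fetch(url).strip().startswith("OK")


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real ACME challenge.
    txt = dns01_txt_value("constructed-challenge-token", "constructed-account-thumbprint")
    url = duckdns_txt_url("myhome", "00000000-0000-0000-0000-000000000000", txt)
    print("TXT for _acme-challenge.myhome.duckdns.org:", txt)
    print("would request:", redact(url))
    print("cleanup:", redact(duckdns_txt_url("myhome", "00000000-0000-0000-0000-000000000000", clear=True)))
```

The DuckDNS token can rewrite every record of the domain, so it deserves the same handling as the ACME account key: restricted file permissions and no unredacted URLs in logs.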