Hi, I am not sure this is possible but here goes.
(btw it runs perfectly otherwise as it is)
I do not want 80,443 open but require the cert for an rdp app on a different port.
Is there a way I can schedule the cert renewal so that it can coincide with the external firewall opening the ports?
Process would be:
1. External firewall opens 80,443
2. Certify The Web renews and deploys certificate.
3. External firewall closes 80,443
Is this doable?
You could script a pre-request task under Tasks but realistically I think for time-constrained renewals you are better to just agree a maintenance window and manually renew (just click Request Certificate to attempt a renewal).
If the only issue is the firewall I would suggest switching to DNS domain validation instead of http, that way your server just needs outgoing https access to talk to the APIs involved but it doesn’t need incoming TCP ports at all.
That's an option, but the DNS that this domain is on does not have the API to do this.