Hi there,
with a firewall rule, i allow/block the acess to my router to port 80 and 443 from wan zone. how automaticly disable it, acme service run, the firewall rule reenable
the firewall rule in /etc/config/firewall
config rule
option name 'allow http/https to this device'
option src 'wan'
option target 'ACCEPT'
option dest_port '80 443'
option enabled '0'
thanks for your answer
If your wan is facing the internet, this is a very bad idea. You should never expose the web interface (and ideally not ssh, either) to the internet as the web interface in particular isn't hardened for untrusted networks. A much better and safer method is to setup a VPN such as wireguard for inbound connections.
If your upstream is actually a trusted network, you can ignore the warning above.
You could create a script to start/stop your service (or if it is already an init.d based script, just edit it). In that script, you can use UCI commands to change the firewall.
But please keep in mind what I wrote above.
or implement the DNS-01 verification - https://letsencrypt.org/docs/challenge-types/
ok, i find that i have to put this before trigger the acme
uci del firewall.cfg1092bd.enabled
and this after
uci set firewall.cfg1092bd.enabled='0'
iwill search how to make it in the openwrt cron