On Sat, Jul 9, 2022 at 2:56 PM Andy Smith via BitFolk Users <users@mailman.bitfolk.com> wrote:
As an aside, if there's no vhost on the server that is http-only
(i.e. they all redirect to https) then I would just stop listening
on port 80 and dispense with every http vhost. You will clearly need
to switch to DNS-based Let's Encrypt challenges then, though.

File validation has gone away for wildcard and multi-SAN certs anyway, so you might as well migrate to DNS validation where possible anyway. It's very straightforward and very automatable.

-n