I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have.
Because of my constant changes, I opted for a wildcard SSL certificate through my DNS provider Cloudflare by providing Nginx Proxy Manager the necessary API token.
I generated the wildcard certificate with port 80 of the server closed to the public internet, and expected it to fail. Since letsencrypt
required me to run a web server listening at port 80 to complete the challenge, I thought that a wildcard certificate would also require the same setup.
However, to my pleasant surprise, I was able to obtain the cert and use it for my proxied apps. I would like to know how this was accomplished without Let's Encrypt reaching my server through port 80 and completing the ACME challenge.
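The mechanism behind the behaviour described in the post is the ACME DNS-01 challenge (RFC 8555, section 8.4): when the DNS provider's API token is supplied, the client publishes a TXT record instead of serving a file on port 80, so the CA only has to query DNS and never connects to the server. The block below is an added example, not code from the post or from Nginx Proxy Manager; it computes the record the CA expects and checks a constructed zone the way the CA-side validation does. The token, account thumbprint and zone contents are made-up values.

```python
import base64
import hashlib

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere (RFC 8555 / RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def dns01_record_name(identifier: str) -> str:
    """Name of the TXT record the CA queries for a DNS-01 challenge.

    A wildcard identifier such as "*.example.com" is validated at the base
    name, so the record for it lives at _acme-challenge.example.com.
    """
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}"

def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT record value: base64url(SHA-256(token "." thumbprint)).

    The thumbprint is the JWK thumbprint of the ACME account key, so only the
    holder of that account key can produce a value the CA will accept.
    """
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return b64url(digest)

def validate_dns01(identifier: str, token: str, account_thumbprint: str,
                   zone: dict[str, list[str]]) -> bool:
    """CA-side check: does any TXT record at the challenge name match?

    `zone` stands in for a DNS lookup and maps record names to TXT strings.
    Nothing here touches the host being certified; only DNS is consulted.
    """
    name = dns01_record_name(identifier)
    expected = dns01_txt_value(token, account_thumbprint)
    return expected in zone.get(name, [])

# Constructed sample values (not real ACME data).
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
THUMBPRINT = "9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI"

def demo_zone() -> dict[str, list[str]]:
    """What the DNS client (here: the proxy manager via the Cloudflare API) publishes."""
    name = dns01_record_name("*.example.com")
    return {name: [dns01_txt_value(TOKEN, THUMBPRINT)]}

if __name__ == "__main__":
    zone = demo_zone()
    print("record name :", dns01_record_name("*.example.com"))
    print("record value:", dns01_txt_value(TOKEN, THUMBPRINT))
    print("validated   :", validate_dns01("*.example.com", TOKEN, THUMBPRINT, zone))
    # A record published with the wrong token fails validation.
    print("wrong token :", validate_dns01("*.example.com", "not-the-token", THUMBPRINT, zone))
```

Because the proof lives in DNS, the only inbound access the CA needs is to the authoritative nameservers for the domain, which is why a host with port 80 closed can still pass; the corresponding risk is that whoever holds the DNS API token can complete this challenge for any name in the zone, so that token deserves the same protection as the private key.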