I can’t find a solution for this use case, but I’m sure there has to be one…
I have an environment with pfsense running http->https redirect & SSL Termination in front of multiple servers, and auto cert renewal using LetsEncrypt - all of this is running flawlessly.
One of the boxes behind pfsense is a mail server, which again is configured and (aside from the issue described below) is also running trouble-free - mail can be sent & received, clients can connect, and web frontend works well.
My issue is with the self-signed cert the mail server uses to encrypt its own connections (i.e. STARTTLS). The server (running iRedMail) can use certbot to auto-renew this via LetsEncrypt, but the LetsEncrypt server can’t see the .well-known/acme-challenge folder to do the challenge authentication.
I’m not sure what I should do to resolve this, and I could use a fresh set of eyes. I could update the certs by hand (which is what I’ve been doing), but would very much like an automated solution - any and all help / suggestions would be appreciated.
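A diagnostic script for the situation described in the post, added here as an example (it is not the poster's code and not part of iRedMail, certbot or pfSense). It checks what an HTTP-01 validator would actually see for `/.well-known/acme-challenge/<token>` when it goes through the front-end, and compares the certificate pfSense presents on 443 with the one the mail server presents after STARTTLS on 587, reporting whether each validates and how long it has left. The hostname `mail.example.invalid`, the probe token and body, and the port numbers are placeholders/constructed values; only the Python standard library is used.

```python
"""Diagnostics for the post's setup: HTTP-01 path through the proxy, and
front-end (443) vs. mail-server STARTTLS (587) certificates.
Hostname/token values are placeholders, not taken from the post."""
import hashlib
import smtplib
import socket
import ssl
import time
import urllib.error
import urllib.request

ACME_PREFIX = "/.well-known/acme-challenge/"


def http_get(url, timeout=10):
    """Fetch a URL, following redirects as the ACME HTTP-01 validator does.
    Returns (status, body); status is None when nothing answered on port 80."""
    req = urllib.request.Request(url, headers={"User-Agent": "acme-path-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""


def acme_path_check(hostname, token, expected_body, fetch=http_get):
    """Classify what a validator sees for the challenge URL. First place a file
    named `token` containing `expected_body` in the mail server's webroot.
    `fetch` is injectable so the classification can be tested offline."""
    status, body = fetch(f"http://{hostname}{ACME_PREFIX}{token}")
    if status is None:
        return "unreachable"        # nothing answered: port 80 not forwarded at all
    if status != 200:
        return f"http_{status}"     # e.g. http_404: proxy answered, path not routed
    if body.strip() != expected_body:
        return "wrong_backend"      # 200, but served by some other box behind the proxy
    return "ok"


def cert_fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER certificate, lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def days_until_expiry(not_after, now_ts=None):
    """Days left, given a notAfter string in getpeercert() format,
    e.g. 'Jun  1 12:00:00 2025 GMT'. now_ts is an epoch timestamp (for tests)."""
    expiry = ssl.cert_time_to_seconds(not_after)
    now_ts = time.time() if now_ts is None else now_ts
    return int((expiry - now_ts) // 86400)


def _peer_cert(hostname, port, starttls, verify, timeout=10):
    """Connect (raw TLS, or SMTP then STARTTLS) and return (DER bytes, parsed dict).
    With verify=False the dict is empty: Python only parses certs it validated."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE   # we only want to *see* a self-signed cert
    if starttls:
        with smtplib.SMTP(hostname, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            tls = smtp.sock
            return tls.getpeercert(binary_form=True), tls.getpeercert()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()


def probe(hostname, port, starttls):
    """Fingerprint plus trust/expiry status of whatever cert this port presents."""
    der, _ = _peer_cert(hostname, port, starttls, verify=False)
    result = {"fingerprint": cert_fingerprint(der), "trusted": False, "days_left": None}
    try:
        _, info = _peer_cert(hostname, port, starttls, verify=True)
    except ssl.SSLError:
        return result   # untrusted (e.g. self-signed): the post's STARTTLS situation
    result["trusted"] = True
    result["days_left"] = days_until_expiry(info["notAfter"])
    return result


if __name__ == "__main__":
    host = "mail.example.invalid"   # placeholder for the post's mail hostname
    # Run after dropping a file "probe-token" containing "probe-body" in the webroot.
    print("acme path:", acme_path_check(host, "probe-token", "probe-body"))
    front = probe(host, 443, starttls=False)
    mail = probe(host, 587, starttls=True)
    print("front-end 443:", front)
    print("STARTTLS 587:", mail)
    print("same cert on both:", front["fingerprint"] == mail["fingerprint"])
```

Reading the output: `acme path: http_404` or `wrong_backend` means the front-end is answering port 80 itself (or routing the path to another backend), so certbot's webroot/standalone HTTP-01 on the mail box cannot succeed until that path is forwarded; `unreachable` means port 80 is not reaching anything. The two `probe` lines show whether the STARTTLS certificate is the same one the proxy already renews (matching fingerprints) or a separate untrusted one, which is the renewal gap the post is about.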