Let's Encrypt will not issue cert

[baqwas]

Hello,

My router, running OPNsense, port forwards all unsolicited inbound ports 80/443 TCP traffic to an intranet Synology box that relies on the vendor's scripts to renew Let's Encrypt cert automatically. I would like to obtain an equivalent cert for the OPNsense box.

My attempts to obtain a Let's Encrypt cert through the OPNsense process fail with the following tail entries in the log:

code='400'
_ret='0'
payload='{}'

I understand that ports 80/443/tcp have to be open for Let's Encrypt cert process. Since https://www.yougetsignal.com/tools/open-ports/ informs me that 80/443 is closed for the router (WAN facing) box, my question is how to enable this key configuration requirement without changing the existing port forwarding setting for unsolicited HTTP/S traffic that is working for my other uses of the Synology box?

I am a newbie. I have done enough self-inflicted damage to personal productivity by not seeking advice earlier. Key requirements:

• Retain Let's Encrypt cert renewal process for intranet Synology box
• Route all unsolicited inbound HTTP/S traffic to Synology box
• Obtain Let's Encrypt cert for OPNsense box

Any advice on securing a Let's Encrypt cert for the OPNsense box would be sincerely appreciated. Thanks.

Kind regards.

P.S. Using:
OPNsense 20.1.8-amd64
FreeBSD 11.2-RELEASE-p20-HBSD
OpenSSL 1.1.1g 21 Apr 2020