Let's Encrypt certificate error Pest_NotFound - 404: Nothing to do

If DNS and firewall forwarding/loopback are properly configured, it should “just work.”

If your sharing a single external IP and need multiple services listening on a single port, it’s on you to have proper a proxy/forward setup. It’s not a beginner config, but shouldn’t be overly difficult either.

If the pfsense acme client listening on port 80 is the root of your problem, remove the conflict. Setup the pfsense acme client to use tls-alpn auth(port 443) or dns-01auth (no port needed) and keep port 80 forwarded exclusively to the PBX.

For now, you have to make the clients play nice together when sharing a single IP.

As long as both clients use http-01 auth, managing port 80 will be an issue. Changing the pfsense auth method should be an easy workaround.

The “self test” issue is a problem with the current acme library used by FreePBX. If/when the FreePBX backend is ported to acme.sh, that specific problem should go away, but “sharing” port 80 will remain an issue.

If the FreePBX backend is migrated to acme.sh, dns-01 auth (no port needed) will be an option for FreePBX. I doubt tls-alpn auth (port 443) will be a FreePBX option. No reason tls-alpn couldn’t be made available, but it really needs SysAdmin(closed source) changes for the distro.