Kind of continuation of
I suggest caution leaving it open, use certbot/acme.sh ‘renew’ hooks to occasionally expose your bits