Certbot (LetsEncrypt) on custom port (Nginx OR apache)
It's perfectly fine to have Nginx on port 80 merely for the HTTP-01 challenge and then use the certificates created using it on another web application or even another server software altogether. It doesn't need to perform any reverse proxying in order to serve http://example.com/.well-known/acme-challenge/, e.g.
    server {
        listen 80;
        server_name example.com;
        location /.well-known/acme-challenge/ {
            alias /var/www/letsencrypt/.well-known/acme-challenge/;
        }
        location / {
            return 404;
        }
    }
Furthermore, you don't necessarily need a web server listening on port 80 at all, as Certbot can use its own built-in web server for handling the challenges:
    sudo certbot certonly --standalone --preferred-challenges http -d example.com
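A preflight check for the port-80 server block above, as an added example that is not part of the original answer: it drops a random token into the challenge directory and fetches it back over HTTP, so a wrong `alias` or a blocked port shows up before a failed validation is spent against the CA. The function name is hypothetical, and the webroot `/var/www/letsencrypt` is assumed from the `alias` path in the config.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_URL_PATH = "/.well-known/acme-challenge/"


def check_challenge_path(base_url, webroot, timeout=5):
    """Write a throwaway token under webroot and fetch it via base_url.

    Returns (ok, detail). The token file is always removed afterwards.
    """
    token = "preflight-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    chall_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(chall_dir, exist_ok=True)
    token_file = os.path.join(chall_dir, token)
    with open(token_file, "w") as fh:
        fh.write(body)

    # Ignore proxy environment variables so the request goes straight
    # to the server that is being checked.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    url = base_url.rstrip("/") + CHALLENGE_URL_PATH + token
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        if served.strip() != body:
            return False, "content mismatch"
        return True, "ok"
    except urllib.error.HTTPError as exc:
        # e.g. 404 when the alias points at a different directory
        return False, "HTTP %d" % exc.code
    except (urllib.error.URLError, OSError) as exc:
        return False, "unreachable: %s" % exc
    finally:
        os.remove(token_file)


if __name__ == "__main__":
    # Assumed values: the domain and webroot from the Nginx config above.
    ok, detail = check_challenge_path("http://example.com",
                                      "/var/www/letsencrypt")
    print("challenge path:", "OK" if ok else "FAILED (%s)" % detail)
```

With this webroot layout, the matching Certbot invocation would be `certbot certonly --webroot -w /var/www/letsencrypt -d example.com`.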