Security risk: Allow doing certificate challenge at HTTPS port if only 443 is open

[undergroundwires]

Even though application is served over 443, port 80 must be open to be able to accept incoming ACME challenges from Let's Encrypt for automatic certificate lifecycle handling.

Opening unneeded port goes against security best-practices and standards.

TLS-ALPN-01 should be used if HTTPS open without requiring opening port 80.