Use HTTPS for UI/Embed not working (Failed to acquire certificate)

[gnartS]

Im sure this isnt a bug and related to my network setup but im struggling to solve it.

Using latest Restreamer2/Docker and non HTTPS it works perfectly. UI is fine, the embedded link to the stream in an external website works fine.
BUT as the embed is http only, browsers serving the page as https means it wont display so i need it also in SSL.

Ive followed the instruction for Restreamer2 to enable SSL via Lets Encrypt but it doesnt work.

The logs show:

component="Let's Encrypt" msg="Acquiring certificate ..." host="my.domain.here"
ts=2023-12-20T11:18:42Z level=ERROR component="Let's Encrypt" msg="Failed to acquire certificate" error="my.domain.here: obtaining certificate: [my.domain.here] Obtain: [my.domain.here] solving challenge: my.domain.here: [my.domain.here] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - <IP_ADDR>: Invalid response from http://my.domain.here/.well-known/acme-challenge/KxxxxxxxxxxxxxxLY: 404 (ca=https://acme-v02.api.letsencrypt.org/directory)" host="my.domain.here"
ts=2023-12-20T11:18:42Z level=WARN component="Core" msg="Continuing with disabled TLS"

The domain is live and resolves to the public IP via DNS.

Restreamer is being run almost as a default:

0.0.0.0:1935-1936->1935-1936/tcp, :::1935-1936->1935-1936/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:8181->8181/tcp, :::8181->8181/tcp, 0.0.0.0:6000->6000/udp, :::6000->6000/udp

I suspect its the network setup causing issues here.

Its a home connection via NAT and port forwards.

Device number 1 runs Apache2 serving a few websites and takes port 80/443 binding from the router for obvious reasons
Device number 2 is the one running streamer (Accessible via a lan. CPU usage reasons dictate a second device) with the following forwards:

(External public ip port >> Device 2 local port)

8800 >> 8080
8801 >> 8801
8082 >> 8082
8181 >> 8181

(Some redundant forwards there from an older setup)

Im using a direct copy/passthrough of this stream so dont need rtmp or other services accessible. This is purely to provide an embedded http(s) link inside an externally hosted webpage.
As above, the setup works perfectly in non SSL mode to access and to embed. SSL fails.

I suspect its somehow Lets Encrypt cant access the required port to authorise itself but ive got no idea how to fix it.

Can someone point me to a solution of how to obtain (and keep fresh) a LE certificate to allow SSL with Restreamer? Either local, firewall and/or main webserver adjustments?

[ioppermann]

The problem is that Let's Encrypt tries port 80 of the configured domain name. Because you already have something else running on port 80, Let's Encrypt is not able to the verify the challenge that only Restreamer can answer during the process of obtaining a certificate from LE.

A possible solution is, that you proxy the Restreamer through your existing Apache2 setup. Then you'll use an already existing certificate you have for Apache2 and you don't need to enable HTTPS in Restreamer.