Thank you for sharing this. I didn’t include instructions for Let’s Encrypt because it is so flexible. For instance, I am using an API to update DNS to confirm my certificates, so I don’t even open port 80 at all.
Separately, I am now doing renewal using the Local Calendar integration, and this has allowed me to ditch the helpers. The only caveat is that I can’t automate deletion of calendar events, so I have an automation reminding me to delete them manually. I have put in a feature request to allow for automation of event deletion if anyone is interested in voting on it.