You no longer need the http: section in configuration.yaml
In fact if you do it prevents you from accessing your HA instance locally.
Full instructions here : -
Read post 25 too.
I ONLY have port 443 open and it forwards to port 443
I get my certificates updated without any intervention