Hey all,
I finally spent some time getting my SSL renewal working properly, as I am using a custom domain and have not transitioned across to hass.io yet. However, I wondered if my work here would interest others, or even the hass.io team, in streamlining certificate processes without keeping multiple ports forwarded.
I wrote a blog post here about the process: https://www.oshelp.co.uk/?p=163
Basically, I found a Python miniupnp library which can send a request to typical home Internet routers to request a port forward. The benefit is that I can temporarily open up port 443 just to renew the certificate, then close it out again once done. This way I also use a custom port so there is no need to stop/start home-assistant.
I don’t have the skills (yet) to probably integrate this into some sort of component, but I could see this being useful for general certificate handling and potentially simplifying port forwarding for HASS also!
Let me know if you’ve any questions!
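
The approach described in the post above, as an added example (not the poster's script and not Home Assistant code): a context manager that opens the forward through the `miniupnpc` Python bindings, runs a renewal command, and removes the mapping even if the renewal fails. The function names, the internal port 8443 and passing the renewal command on the command line are assumptions made for illustration.

```python
import contextlib
import subprocess


@contextlib.contextmanager
def temporary_forward(igd, external_port, internal_port, proto="TCP",
                      desc="cert-renewal (temporary)"):
    """Open a port mapping on the router and always remove it again."""
    # Refuse to touch a mapping that already exists: deleting it afterwards
    # would break whatever service owns it.
    if igd.getspecificportmapping(external_port, proto) is not None:
        raise RuntimeError(f"{proto}/{external_port} is already forwarded")
    igd.addportmapping(external_port, proto, igd.lanaddr, internal_port, desc, "")
    try:
        yield
    finally:
        # Runs on success, failure or Ctrl-C, so the port never stays open.
        igd.deleteportmapping(external_port, proto)
        if igd.getspecificportmapping(external_port, proto) is not None:
            raise RuntimeError(f"router still forwards {proto}/{external_port}")


def discover_igd():
    """Find the home router (Internet Gateway Device) via UPnP."""
    import miniupnpc  # imported lazily so the helpers above need no router
    igd = miniupnpc.UPnP()
    igd.discoverdelay = 200  # milliseconds to wait for replies
    if igd.discover() == 0:
        raise RuntimeError("no UPnP device answered")
    igd.selectigd()
    return igd


def renew(igd, renew_cmd, external_port=443, internal_port=8443,
          run=subprocess.run):
    """Forward external_port to internal_port only while renew_cmd runs."""
    with temporary_forward(igd, external_port, internal_port):
        return run(renew_cmd, check=False).returncode


if __name__ == "__main__":
    import sys
    # Assumed usage: python renew_with_upnp.py <your ACME client command ...>
    if len(sys.argv) < 2:
        sys.exit("usage: renew_with_upnp.py <renewal command ...>")
    sys.exit(renew(discover_igd(), sys.argv[1:]))
```

The ACME client has to be told to listen on the internal port; how to do that depends on the client and challenge type in use.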