Bitwarden.sh install script: seems to require external access to my server on http

I’m installing using the bitwarden.sh install script on Ubuntu 20, following the instructions here:
https://bitwarden.com/help/article/install-on-premise-linux/

When I run the install script, I’m getting this error:

Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /etc/letsencrypt/logs/letsencrypt.log or re-run Certbot with -v for more details.
[email protected]:/opt/bitwarden$ cat /etc/letsencrypt/logs/letsencrypt.log

From the message I’m guessing that some external service can’t access my server on port 80. That’s probably true, because HTTP traffic is blocked from the public internet for this server, and that absolutely cannot be changed.

This seems to be specific to the Bitwarden install script, as I’ve never had this problem using certbot to install certificates for Apache or Node.

Any suggestions? Am I missing something?
It seems strange that the install would require me to expose my server to the public internet.

The certbot container is used for LetsEncrypt certificates and uses port 80 for domain validation. Not sure if there would be a way to change the methodology via env variables or not.

https://bitwarden.com/help/article/certificates/

Some possible fixes would be to use a provided cert, if you have an external one which is valid for the domain you access from, or using a self-signed cert and using a reverse proxy with valid automatic LE cert renewal on the frontend.

Thanks, it sounds like this is purely a Certbot issue. I’ve worked around it by using a wildcard cert.
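
For the provided-cert and wildcard-cert workarounds mentioned in the thread, the certificate has to actually cover the hostname the vault is reached on, and a wildcard covers exactly one label. The following is an added example, not code from the thread or from Bitwarden: a check over the DNS names that `openssl x509 -noout -ext subjectAltName -in <cert>` prints. The function names, the sample output and the `example.com` hostnames are constructed for illustration.

```python
# Added example: does a provided certificate's SAN list cover the vault hostname?
# SAMPLE_SAN is constructed text in the shape openssl prints for subjectAltName.
SAMPLE_SAN = """X509v3 Subject Alternative Name:
    DNS:*.example.com, DNS:example.com
"""


def parse_openssl_san(text):
    """Return the DNS names found in openssl's 'DNS:a, DNS:b' output."""
    names = []
    for line in text.splitlines():
        for item in line.split(","):
            item = item.strip()
            if item.startswith("DNS:"):
                names.append(item[len("DNS:"):])
    return names


def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """RFC 6125-style match: '*' must be the whole left-most label and
    stands for exactly one label, so it never spans dots."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covering_entries(san_dns_names, hostname):
    """List the SAN entries that make the certificate valid for hostname."""
    return [s for s in san_dns_names if san_matches(s, hostname)]


if __name__ == "__main__":
    sans = parse_openssl_san(SAMPLE_SAN)
    for host in ("vault.example.com", "bw.vault.example.com", "example.com"):
        hits = covering_entries(sans, host)
        print(f"{host}: {'covered by ' + ', '.join(hits) if hits else 'NOT covered'}")
```

An empty result for the installation's hostname means clients will reject the certificate even though the install itself succeeds.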