The DualShield 6.x Platform includes a certificate service that supports Let's Encrypt. The installation If you are upgrading an old DualShield 5.x server to the latest DualShield 6.x server, then you must select "Certificate Server" component in the upgrading process:
Port 80
Let's Encrypt requires port 80 to be open when a new certificate is being installed and when an existing certificate is being renewed. A Let's Encrypt certificate is valid for 90 days, which will be automatically renewed on the day it expires.
...
However, Let's Encrypt only needs to be able to access the /.well-known/acme-challenge/ path. You can configure your firewall to block access to everything else, if you want.
...