I had got this to work with this requirement for an external A host record, redirects, and negate rules. It was quite complex and, in the end, it did work. I was excited and got ready to write this long post, then I realized I had somehow missed the obvious. I found this post on the forums from someone having the exact same issue. What amazed me the most was how simple their solution was.
So, I tested it…
The HTTP to HTTPS redirect condition:
This will take any HTTP request and redirect it to HTTPS. If you configured HTTP validation, though, this will be a problem when the request from ACME comes in to hit the backend created by the ACME plugin.
As stated by the guy, he simply made a clone of the condition and made it a negate.
Then apply it to the redirect rule…
Then apply this to the HTTP listener.
Test a cert renewal… it worked
That was way simpler than I thought up. lol
Hope this helps someone.
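
The resulting rule set written out as plain HAProxy configuration. This is an added example, not taken from the post or from the plugin's generated config. It assumes HAProxy sits behind the GUI and that the negated condition matches the ACME HTTP-01 challenge path from RFC 8555; the frontend, ACL, backend and server names and the server address are placeholders.

```haproxy
# Added example: all names and the server address are placeholders.
frontend http_listener
    mode http
    bind :80

    # Constructed condition: ACME HTTP-01 validation requests
    # (path prefix defined in RFC 8555, not shown in the post).
    acl acme_challenge path_beg /.well-known/acme-challenge/

    # Before: every plain-HTTP request is redirected, including the
    # validation request meant for the ACME backend.
    # http-request redirect scheme https code 301 if !{ ssl_fc }

    # After: the negated condition is added to the redirect rule, so the
    # redirect applies to everything except the challenge path.
    http-request redirect scheme https code 301 if !{ ssl_fc } !acme_challenge

    # Challenge requests stay on HTTP and reach the ACME backend.
    use_backend acme_challenge_backend if acme_challenge

backend acme_challenge_backend
    mode http
    # Placeholder for the ACME client's local validation service.
    server acme_local 127.0.0.1:43580
```

Keeping the exemption to the challenge path prefix only means every other request on port 80 is still forced to HTTPS.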