Matthis You can tell nginx to allow or restrict IP adresses: https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/#restricting-access-by-ip-address
sanhwy But if i restrict access from ngix to allow only my ip, mailcow can renew ssl certificate? I know for renewing ssl need access to port 80
Matthis According to https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/nginx/includes/site-defaults.conf the acme directory /.well-known/acme-challenge/ is already set to allow all.