. . The only person(s) that can gain access to HTTP and HTTPS on your server are people whose IP addresses have been whitelisted in the firewall. . .
Even if you can ensure that everyone,everywhere is whitelisted, vpn's are a pain, port knocking is a pain, roaming cell connections are a pain, and even when covered they still get, quite reasonably, pissed of with all those "!!!!! no certificates, no security here !!! " warnings, at least mine do, it is NOT hard to certbot and can only help your security as there is a lot of shit going over the webservice that is better encrypted on any network. In my world complacency will sooner or later cost you something in either dollars,time or reputation.
JM2CWAE
Even if you can ensure that everyone,everywhere is whitelisted, vpn's are a pain, port knocking is a pain, roaming cell connections are a pain, and even when covered they still get, quite reasonably, pissed of with all those "!!!!! no certificates, no security here !!! " warnings, at least mine do, it is NOT hard to certbot and can only help your security as there is a lot of shit going over the webservice that is better encrypted on any network. In my world complacency will sooner or later cost you something in either dollars,time or reputation.
JM2CWAE