HAProxy, LE Challenge, Firewall Rule

That would be perfect. Honestly, I have done this before, using some commands in my renewing shell script, but unfortunately they now fail since IPFire uses a different location blocking mechanism.

And to be fair, LE used just US servers before and I had to unblock a single country. Now, LE uses many countries as their origin which we do not know (you just gave the link above, thanks for this, Adolf).

So, I could imagine stopping all location blocks while renewing starts and activating the blocks immediately afterwards. This would include restarting the firewall, too, as it is necessary in WebIF.

However, I don’t know the exact commands to stop location blocks, restart the firewall and vice versa.

EDIT: I assume the firewall is running before HAProxy, correct? Otherwise, the location block would be obsolete, correct?
This is why I will need a firewall rule to allow incoming traffic on RED to be forwarded to IPFire itself?