This post is pretty much same as mine as I’m trying to do the same thing use lets encrypt on a internally hosted ssl service.