docs: emphasize that port 80 needs to be reachable for lets encrypt

docs/server/tutorials/tlsssl.md

@@ -10,7 +10,23 @@ If you intend to make your Sourcegraph instance accessible on the Internet or an
 
 Sourcegraph will use [Let's Encrypt](https://letsencrypt.org/) by default if the following conditions are met:
 
-- Your `appURL` site configuration option begins with `https://...`, and the host is reachable on port 80 and port 443.
+- Your `appURL` site configuration option begins with `https://...`.
+- The host is reachable on port `80` and port `443`.
+
+  - 🚨 [Lets Encrypt requires that port `80` be reachable in order prove that you own your domain](https://letsencrypt.readthedocs.io/en/latest/challenges.html#http-01-challenge). If port `80` is unreachable, HTTPS will fail with errors such as the following:
+
+    ```bash
+    http: TLS handshake error from 10.240.0.17:11486: acme/autocert: unable to authorize "example.com"; challenge "tls-alpn-01" failed with error: acme: authorization error for example.com: 403 urn:acme:error:unauthorized: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge; challenge "http-01" failed with error: acme: authorization error for example.com: 403 urn:acme:error:unauthorized: Invalid response from http://example.com/.well-known/acme-challenge/gHyMIbdfCVRvnz0FUJuezDsDJYD7flbVBzr348MrfLg: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "
+
+    ...
+
+    http: TLS handshake error from 10.20.3.1:13676: acme/autocert: missing certificate
+
+    ...
+
+    http: TLS handshake error from 10.240.0.16:41012: 429 urn:acme:error:rateLimited: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
+    ```
+
 - You have not configured manual TLS certificates as described below.
 - You have not configured `tls.letsencrypt` to `off`. (Defaults to `auto`)