I need help understanding port 80 security

[TheDreadPirate]

Except for the following two questions:
In my router, I've forwarded port 80 (http) and port 443 (https) to Caddy.
Question 1: What keeps someone from connecting to Caddy through port 80 on an unsecured connection? In my mind this would create this situation: Public Port 80 --> http data accessible anywhere --> reverse proxy --> http data only accessible internally --> jellyfin
Won't the Caddy reverse proxy be sending publicly available unencrypted potentially vulnerable Jellyfin information?

According to Caddy's docs, it automatically redirects http requests on 80 to https requests on 443 when https is active.

https://caddyserver.com/docs/automatic-https#overview

So that shouldn't be a concern.

Question 2: Is there a problem with closing port 80?
Since I only want to allow secure connections anyway, after I finished setup I went back into my router and deleted the rule forwarding port 80, and only left port 443 open. I checked this with a port checker tool to make sure it had taken effect, and then I used an offsite computer to connect to Jellyfin and it still functioned correctly using my duckdns domain, defaulting to https://mydomain.duckdns.org.
Since it's working I'm tempted to leave it closed but I suspect that this might eventually cause issues with my LetsEncrypt certificate, but I'm a neophite when it comes to needing https certificates so I just have no idea.

Thank you for any insights you can provide,

The "challenge" during the cert request/renewal process has to occur on port 80.  No way around that.  If you close port 80 you would have to remember to open it before your 90 day cert expires, renew your cert, then close it again. Repeat 80-90 days later.