
Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
  • 1.  Let's Encrypt for Conductor

    Posted 07-26-2022 10:31

    I'm trying to add a Let's Encrypt cert to Conductor. In the past I used the following instruction
    However, it doesn't work anymore.

    Type: connection
    Detail: X.X.X.X: Fetching
    Timeout during connect (likely firewall problem)

    Any idea on how to get it to work?



  • 2.  RE: Let's Encrypt for Conductor

    Posted 08-03-2022 05:22

    Hi Greg,

    Indeed - it really sounds like a firewall issue.

    Two questions:

    1. Is this conductor a bare metal or virtual/cloud instance?
    2. Could you please check (at the Linux CLI) if there is a rule that allows incoming traffic to port 80? (sudo iptables -nvL | grep dpt:80)

    The iptables output should bring up something like this:

    $ sudo iptables -nvL | grep dpt:80
    0 0 ACCEPT tcp -- * * tcp dpt:80 ctstate NEW,UNTRACKED


    Mathias Jeschke
    Juniper Networks

  • 3.  RE: Let's Encrypt for Conductor

    Posted 08-15-2022 15:27
    Hi Mathias,

    1. Conductor is a VM in our own environment.
    2. Port 80 is open and I even tried to disable the firewall. Still no go.
     1 52 ACCEPT tcp -- * * tcp dpt:80 ctstate NEW,UNTRACKED


  • 4.  RE: Let's Encrypt for Conductor

    Posted 08-16-2022 06:23

    Hi Greg,

    To me it looks like you have another firewall in front of your Conductor or there is a routing or DNS issue somewhere.

    One connection to port 80 is too low for a successful letsencrypt run (on my lab system there have been 4 connections).

    You could try to run a tcpdump on your Conductor's WAN interface (e.g. tcpdump -w le.pcap -nni eth0 port 80) for troubleshooting or run the certbot in foreground mode (ideally with --test-cert to avoid rate-limit issues).


    Mathias Jeschke
    Juniper Networks
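
The counter check used in this thread, as an added example that is not part of the original posts: it sums the packet counters of the port 80 ACCEPT rules from two `iptables -nvxL` snapshots, taken before and after a certbot attempt, and reports whether any new connection reached the host. The function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare the port 80 rule counters before
# and after a certbot attempt to see whether validation traffic reaches the host.
# Real use (assumed workflow): sudo iptables -nvxL | port80_pkts

# Sum the packet counters of ACCEPT rules matching TCP dpt:80 in
# `iptables -nvxL` output on stdin (-x prints exact counts, no K/M suffixes).
# The pattern is anchored so that dpt:8080 or dpt:800 are not counted.
port80_pkts() {
    awk '$3 == "ACCEPT" && /(^| )dpt:80( |$)/ { sum += $1 } END { print sum + 0 }'
}

# Classify the counter change between two snapshots: $1 = before, $2 = after.
classify_delta() {
    delta=$(( $2 - $1 ))
    if [ "$delta" -le 0 ]; then
        echo "no-inbound"           # nothing new hit the rule: check upstream firewall, routing, DNS
    else
        echo "inbound-seen:$delta"  # new connections arrived: check the port 80 listener and certbot
    fi
}

# Constructed sample snapshots (addresses shown as 0.0.0.0/0 are placeholders).
SAMPLE_BEFORE='Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       1       52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW,UNTRACKED
      10      600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 ctstate NEW'

SAMPLE_AFTER='Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       5      260 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW,UNTRACKED
      12      720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 ctstate NEW'

before=$(printf '%s\n' "$SAMPLE_BEFORE" | port80_pkts)
after=$(printf '%s\n' "$SAMPLE_AFTER" | port80_pkts)
echo "port 80 packets: before=$before after=$after -> $(classify_delta "$before" "$after")"
```
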