Hi Greg,
To me it looks like you have another firewall in front of your Conductor or there is a routing or DNS issue somewhere.
One connection to port 80 is too low for a successful Let's Encrypt run (on my lab system there have been 4 connections).
You could try to run a tcpdump on your Conductor's WAN interface (e.g. tcpdump -w le.pcap -nni eth0 port 80) for troubleshooting or run the certbot in foreground mode (ideally with --test-cert to avoid rate-limit issues).
-Mathias
------------------------------
Mathias Jeschke
Juniper Networks
------------------------------
Original Message:
Sent: 08-15-2022 15:27
From: GREG WROBEL
Subject: Let's Encrypt for Conductor
Hi Mathias,
1. Conductor is a VM in our own environment.
2. Port 80 is open and I even tried to disable the firewall. Still no go.
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED
------------------------------
GREG WROBEL
Original Message:
Sent: 08-03-2022 05:21
From: Mathias Jeschke
Subject: Let's Encrypt for Conductor
Hi Greg,
Indeed - it really sounds like a firewall issue.
Two questions:
- Is this Conductor a bare metal or virtual/cloud instance?
- Could you please check (at the Linux CLI) if there is a rule that allows incoming traffic to port 80? (sudo iptables -nvL | grep dpt:80)
The iptables output should bring up something like this:
$ sudo iptables -nvL | grep dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED
Thanks,
Mathias
------------------------------
Mathias Jeschke
Juniper Networks
Original Message:
Sent: 07-26-2022 10:31
From: GREG WROBEL
Subject: Let's Encrypt for Conductor
Hello,
I'm trying to add a Let's Encrypt cert to Conductor. In the past I used the following instruction
However, it doesn't work anymore.
Domain: sd-wan.example.com
Type: connection
Detail: X.X.X.X: Fetching
http://sd-wan.example.com/.well-known/acme-challenge/hTNQ6-GWStVoChteaQvl6_pHOS8MsavxkhK6Ad_TcJA:
Timeout during connect (likely firewall problem)
Any idea on how to get it to work?
Thanks!
-Greg
------------------------------
Greg
------------------------------
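
As an added example (not part of the thread and not Juniper tooling), a small shell helper for the check discussed above: snapshot the packet counter of the port-80 ACCEPT rule before and after a certbot run to see how many validation connections actually reached the host. The function names and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Typical use with exact counters (-x):
#   sudo iptables -nvxL > before.txt
#   ... run certbot (ideally with --test-cert) ...
#   sudo iptables -nvxL > after.txt
#   port80_delta before.txt after.txt

# Without -x, iptables abbreviates large counters with K/M/G (decimal)
# suffixes; expand them so arithmetic works on either output form.
expand_count() {
    case "$1" in
        *K) echo $(( ${1%K} * 1000 )) ;;
        *M) echo $(( ${1%M} * 1000000 )) ;;
        *G) echo $(( ${1%G} * 1000000000 )) ;;
        *)  echo "$1" ;;
    esac
}

# Print the summed pkts counter of ACCEPT rules whose match is exactly
# dpt:80 (a plain `grep dpt:80` would also hit dpt:8080).
# Prints "none" when the snapshot file contains no such rule.
port80_pkts() {
    counts=$(awk '$3 == "ACCEPT" { for (i = 4; i <= NF; i++)
                  if ($i == "dpt:80") { print $1; break } }' "$1")
    [ -n "$counts" ] || { echo none; return 0; }
    total=0
    for c in $counts; do total=$(( total + $(expand_count "$c") )); done
    echo "$total"
}

# Compare two snapshot files: packets that hit the rule in between.
# 0 means nothing arrived on port 80 during the run, so the block is
# upstream of this host (another firewall, routing or DNS).
port80_delta() {
    b=$(port80_pkts "$1"); a=$(port80_pkts "$2")
    if [ "$a" = none ] || [ "$b" = none ]; then echo "no-rule"; return 0; fi
    echo $(( a - b ))
}

# Constructed sample snapshot in the column layout shown in the thread
# (pkts bytes target ...); $1 is the pkts value for the port-80 rule.
sample_snapshot() {
    printf '%s\n' \
      "  $1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED" \
      "  7 420 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW,UNTRACKED"
}
```

A delta well below what a working system shows (the thread mentions 4 connections on a lab system) points at traffic being dropped before it reaches the host rather than at the local rule.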