Netgate Discussion Forum
    Unable to get certificates

Topogigio (last edited by Topogigio)

Hi,
I have this environment:

      • pfsense with a secondary IP (virtual address)
      • haProxy
      • ACME

      ACME has the certificate defined using "Standalone HTTP server" and port 8080

HAProxy has a frontend on the virtual address IP, port 80, forwarded to a backend that has localhost IP and port 8080.

      The firewall allows from all IPs, to virtual address IP, port 80

When I run the certificate issue command, I can see the authorization tokens by calling http://blabla/well-known/blabla from a web browser
(I can see this only during issue command processing, otherwise not). I can also see some active states in the firewall, one related to my IP and some others (I don't know if they are LE IPs or not).

Still, the ACME package reports that LE has a timeout connecting to my web server (?) and the process remains pending.

      [Mon Jan 4 12:09:48 CET 2021] Pending
      [Mon Jan 4 12:09:51 CET 2021] Pending
      [Mon Jan 4 12:09:54 CET 2021] Pending
      [Mon Jan 4 12:09:56 CET 2021] Pending
      [Mon Jan 4 12:09:59 CET 2021] Pending
      [Mon Jan 4 12:10:02 CET 2021] Pending
      [Mon Jan 4 12:10:05 CET 2021] Pending
      [Mon Jan 4 12:10:07 CET 2021] Pending
      [Mon Jan 4 12:10:10 CET 2021] Pending
      [Mon Jan 4 12:10:13 CET 2021] Pending

Any idea?
Thanks

kiokoman @Topogigio (last edited by kiokoman)

@topogigio
I updated my cert two days ago, similar configuration.

[Screenshots: frontend2.jpg, frontend.jpg, backend.jpg, firewall.jgp.jpg, acme.jpg, acme2.jpg]

Maybe compare with my config.
Is the frontend listening on the right WAN IP?
You can use packet capture to see if the request and response are passing or not.
Maybe you have something else listening on port 8080, like pfBlockerNG or Squid?


Topogigio @kiokoman

          @kiokoman Thank you!

The problem was that in my backend I wrote "localhost" instead of "127.0.0.1" as you did. After fixing that, it works!

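A small reproduction of the failure behind this thread, added here as an example (not code from the thread, HAProxy, or the pfSense ACME package): a challenge listener bound only to 127.0.0.1 (standing in for the standalone HTTP-01 server, an assumption) answers when probed by the IPv4 address but not via ::1, which is one of the addresses a backend written as "localhost" may resolve to. Token and key-authorization values are constructed.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import URLError
from urllib.request import urlopen

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def start_challenge_listener(token, key_auth, host="127.0.0.1"):
    """Stand-in for the standalone HTTP-01 listener (assumption: bound to
    IPv4 loopback only). Serves one token; returns (server, port)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != CHALLENGE_PREFIX + token:
                self.send_error(404)
                return
            body = key_auth.encode()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # silence per-request logging
            pass

    srv = HTTPServer((host, 0), Handler)  # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def probe_challenge(addr, port, token, timeout=2.0):
    """Fetch the token as the proxy backend would, from a literal address.
    Returns the key authorization body, or None if that hop fails."""
    host = f"[{addr}]" if ":" in addr else addr
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.read().decode()
    except (URLError, OSError):
        return None


def backend_candidates(name):
    """Addresses a proxy may resolve a hostname such as "localhost" to;
    if ::1 is among them, the IPv4-only listener above is unreachable."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
```

Running `probe_challenge` against each entry of `backend_candidates("localhost")` shows which address the proxy must be given; writing the literal 127.0.0.1 in the backend removes the ambiguity.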
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.