Unable to get certificates


  • Hi,
    I have this environment:

    • pfsense with a secondary IP (virtual address)
    • haProxy
    • ACME

    ACME has the certificate defined using "Standalone HTTP server" and port 8080

    haProxy has a frontend on the virtual address IP, port 80, forwarded to a backend that has localhost IP and port 8080.

    The firewall allows from all IPs, to virtual address IP, port 80

    When I run the certificate issue command, I can see the authorization tokens by calling http://blabla/.well-known/blabla from a web browser
    (I can see this only during issue command processing, otherwise not). I also can see some active States in firewall, one related to my IP and some others (I don't know if they are LE IPs or not).

    Still ACME package reports that LE has a timeout connecting to my web server (?) and the process remains pending.

    [Mon Jan 4 12:09:48 CET 2021] Pending
    [Mon Jan 4 12:09:51 CET 2021] Pending
    [Mon Jan 4 12:09:54 CET 2021] Pending
    [Mon Jan 4 12:09:56 CET 2021] Pending
    [Mon Jan 4 12:09:59 CET 2021] Pending
    [Mon Jan 4 12:10:02 CET 2021] Pending
    [Mon Jan 4 12:10:05 CET 2021] Pending
    [Mon Jan 4 12:10:07 CET 2021] Pending
    [Mon Jan 4 12:10:10 CET 2021] Pending
    [Mon Jan 4 12:10:13 CET 2021] Pending

    Any idea?
    Thanks

  • LAYER 8

    @topogigio
    I updated my cert two days ago, similar configuration.

    (screenshots attached: frontend2.jpg, frontend.jpg, backend.jpg, firewall.jgp.jpg, acme.jpg, acme2.jpg)

    Maybe compare with my config.
    Is the frontend listening on the right WAN IP?
    You can use packet capture to see whether the request and response are passing or not.
    Maybe you have something else listening on port 8080, like pfBlockerNG or Squid?


  • @kiokoman Thank you!

    The problem was that in my backend I wrote "localhost" instead of "127.0.0.1" as you did. Fixing that, it works!
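Added example (not code from the thread, the ACME package or HAProxy): a small Python diagnostic that covers kiokoman's checks (is anything already listening on 8080, does the challenge path actually get answered) and the "localhost" versus "127.0.0.1" fix above. A hostname such as "localhost" can resolve to more than one address, commonly ::1 as well as 127.0.0.1, while a standalone listener bound only on 127.0.0.1 answers on just one of them; the literal IPv4 address removes that ambiguity. The stand-in challenge server, the token and the key-authorization value are constructed here so the script runs offline; port 8080 is the value from the thread and the proxied path is the standard HTTP-01 prefix.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import URLError
from urllib.request import urlopen

# Path prefix that Let's Encrypt fetches during an HTTP-01 challenge.
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def resolve_backend(host, port=8080):
    """Return the distinct IP addresses a backend hostname resolves to."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    seen = []
    for _family, _type, _proto, _canon, sockaddr in infos:
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen


def backend_warnings(host, port=8080):
    """Explain why a backend name may miss a listener bound only on 127.0.0.1."""
    addrs = resolve_backend(host, port)
    warnings = []
    if not addrs:
        warnings.append(f"{host!r} does not resolve")
    for addr in addrs:
        if ":" in addr:
            warnings.append(f"{host!r} resolves to IPv6 {addr}; "
                            "an IPv4-only listener is unreachable there")
    if len(addrs) > 1:
        warnings.append(f"{host!r} is ambiguous ({', '.join(addrs)}); "
                        "use the literal 127.0.0.1 in the backend")
    return warnings


def port_in_use(ip, port):
    """True if something already accepts connections on ip:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(1.0)
        return sock.connect_ex((ip, port)) == 0


def fetch_challenge(ip, port, token, timeout=3.0):
    """GET the HTTP-01 path via the given address; (status, body) or (None, error)."""
    host = f"[{ip}]" if ":" in ip else ip
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except (URLError, OSError) as exc:  # HTTPError (e.g. 404) is a URLError subclass
        return None, str(exc)


class _ChallengeHandler(BaseHTTPRequestHandler):
    """Stand-in for the ACME standalone HTTP server (constructed, not acme.sh)."""
    token = "constructed-token"
    keyauth = "constructed-token.constructed-thumbprint"

    def do_GET(self):
        if self.path == CHALLENGE_PREFIX + self.token:
            body = self.keyauth.encode()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_error(404)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_fake_standalone(ip="127.0.0.1", port=0):
    """Bind the stand-in on IPv4 loopback only, like the thread's setup; returns (server, port)."""
    srv = HTTPServer((ip, port), _ChallengeHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    srv, port = start_fake_standalone()
    for name in ("localhost", "127.0.0.1"):
        print(name, "->", resolve_backend(name, port), backend_warnings(name, port))
    print("port in use:", port_in_use("127.0.0.1", port))
    print("via 127.0.0.1:", fetch_challenge("127.0.0.1", port, _ChallengeHandler.token))
    print("via ::1:", fetch_challenge("::1", port, _ChallengeHandler.token))
    srv.shutdown()
```

Run it on the pfSense host (or anywhere) with the real port in place of the ephemeral one: a non-empty warning list for the backend name, a connection refused on the address the proxy actually uses, or a port that is already in use before the ACME listener starts each point at a different cause of the "Pending" loop.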