Unable to get certificates
Hi,
I've this environment:
- pfsense with a secondary IP (virtual address)
- haProxy
- ACME
ACME has the certificate defined using "Standalone HTTP server" and port 8080
haProxy has a frontend on the virtual address IP, port 80, forwarded to a backend that has localhost IP and port 8080.
The firewall allows from all IPs, to virtual address IP, port 80
When I run the certificate issue command, I can see the authorization tokens calling http://blabla/well-known/blabla from a web browser
(I can see this only during issue command processing, otherwise not). I can also see some active States in the firewall, one related to my IP and some others (I don't know if they are LE IPs or not).
Still, the ACME package reports that LE has a timeout connecting to my web server (?) and the process remains pending.
[Mon Jan 4 12:09:48 CET 2021] Pending
[Mon Jan 4 12:09:51 CET 2021] Pending
[Mon Jan 4 12:09:54 CET 2021] Pending
[Mon Jan 4 12:09:56 CET 2021] Pending
[Mon Jan 4 12:09:59 CET 2021] Pending
[Mon Jan 4 12:10:02 CET 2021] Pending
[Mon Jan 4 12:10:05 CET 2021] Pending
[Mon Jan 4 12:10:07 CET 2021] Pending
[Mon Jan 4 12:10:10 CET 2021] Pending
[Mon Jan 4 12:10:13 CET 2021] Pending
Any idea?
Thanks
@topogigio
I updated my cert two days ago, similar configuration.
Maybe compare with my config.
Is the frontend listening on the right WAN IP?
You can use packet capture to see if the request and response are passing or not.
Maybe you have something else listening on port 8080, like pfblockerng or squid?
@kiokoman Thank you!
The problem was that in my backend I wrote "localhost" instead of "127.0.0.1" as you did. After fixing that, it works!
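
An added example, not part of the thread or of the pfSense/ACME packages: a small Python check that connects to every address a backend name resolves to, so a "localhost" versus "127.0.0.1" mismatch like the one fixed above shows up before certificate issuance is retried. The thread does not say why "localhost" failed; the script assumes one common cause, that the name also resolves to an address (such as ::1) where the standalone server is not listening. The function names and the ephemeral test port are hypothetical.

```python
import socket

def resolve(host, port):
    """Return the unique (family, sockaddr) pairs the resolver gives for host."""
    seen = []
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except OSError:          # name does not resolve at all
        return seen
    for family, _, _, _, sockaddr in infos:
        if (family, sockaddr) not in seen:
            seen.append((family, sockaddr))
    return seen

def probe(host, port, timeout=2.0):
    """TCP-connect to every address of host; return {address: reachable}."""
    results = {}
    for family, sockaddr in resolve(host, port):
        try:
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            results[sockaddr[0]] = True
        except OSError:      # refused, timed out, or address family unavailable
            results[sockaddr[0]] = False
    return results

def demo():
    """Constructed stand-in for the ACME standalone server: IPv4 loopback only."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # ephemeral port instead of the thread's 8080
    srv.listen(8)
    port = srv.getsockname()[1]
    try:
        return probe("localhost", port), probe("127.0.0.1", port)
    finally:
        srv.close()

if __name__ == "__main__":
    by_name, by_ip = demo()
    print("backend 'localhost' :", by_name)
    print("backend '127.0.0.1' :", by_ip)
    # Any False under 'localhost' is an address the proxy may try and fail on.
```

On the firewall itself, call `probe("localhost", 8080)` while the issue command is running; an address reported as unreachable is a reason to put the literal IP in the backend.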