Timeout during connect (likely firewall problem)
-
Hi.
I have been running pfSense (Hyper-VM) alongside nginx (Windows) for a few years now.
I recently un-virtualised pfSense and moved it to its own hardware.
My LetsEncrypt certificates are due to expire soon, so I thought I'd renew them, but I am getting "Timeout during connect (likely firewall problem)" errors when I run the le64.exe command in my bat file (simple, I know).
It has worked many times previously, but not today.
I updated le64.exe to the latest version (0.38.0.0), but I am still getting the timeouts.
I assume there is something in pfSense blocking it, but for the life of me I can't figure it out.
Any pointers would be appreciated.
Thanks in advance.
-
Do you see anything blocked from that client in the firewall logs?
Are you running Snort or Suricata?
I assume that client can otherwise connect out to other sites fine?
Steve
-
@stephenw10 Everything is working fine, I just cannot renew the certs.
Access to the internet is fine from within the LAN, and remote access to the services behind the nginx rp is fine.
Thanks.
-
Am I correct that LetsEncrypt wants to hit a web server (80) to renew the cert?
-
@andyrh said in Timeout during connect (likely firewall problem):
Am I correct that LetsEncrypt wants to hit a web server (80) to renew the cert?
Ah, that might be why, as I have port 80 closed.
-
Mmm, you should see that logged unless you have a specific block rule for port 80 without logging enabled.
Steve
-
Port 80 was disabled in rules and NAT.
As soon as I enabled them, the certs renewed successfully.
Thanks for pointing me in the right direction, much appreciated.