Netgate Discussion Forum
Timeout during connect (likely firewall problem)

  • CBers
    last edited by CBers Nov 24, 2021, 4:47 PM Nov 24, 2021, 4:46 PM

    Hi.

    I have been running pfSense (Hyper-VM) alongside nginx (Windows) for a few years now.

    I recently un-virtualised pfSense and moved it to its own hardware.

    My LetsEncrypt certificates are due to expire soon, so I thought I'd renew them, but I am getting "Timeout during connect (likely firewall problem)" errors when I run the le64.exe command in my bat file (simple, I know).

    It has worked many times previously, but not today.

    I updated le64.exe to the latest version (0.38.0.0), but still getting the timeouts.

    I assume there is something in pfSense blocking it, but for the life of me I can't figure it out.

    Any pointers would be appreciated.

    Thanks in advance.

    • stephenw10 Netgate Administrator
      last edited by Nov 24, 2021, 5:02 PM

      Do you see anything blocked from that client in the firewall logs?

      Are you running Snort or Suricata?

      I assume that client can otherwise connect out to other sites fine?

      Steve

      • CBers @stephenw10
        last edited by CBers Nov 24, 2021, 5:06 PM Nov 24, 2021, 5:05 PM

        @stephenw10 Everything is working fine, I just cannot renew the certs.

        Access to the internet is fine from within the LAN and remote access to the services behind the nginx rp is fine.

        Thanks.

        • AndyRH
          last edited by Nov 24, 2021, 5:11 PM

          Am I correct that LetsEncrypt wants to hit a web server (80) to renew the cert?

          o||||o
          7100-1u

          • CBers @AndyRH
            last edited by Nov 24, 2021, 5:13 PM

            @andyrh said in Timeout during connect (likely firewall problem):

            Am I correct that LetsEncrypt wants to hit a web server (80) to renew the cert?

            Ah, that might be why, as I have port 80 closed.

            • stephenw10 Netgate Administrator
              last edited by Nov 24, 2021, 5:24 PM

              Mmm, you should see that logged unless you have a specific block rule for port 80 without logging enabled.

              Steve

              • CBers @stephenw10
                last edited by Nov 24, 2021, 5:35 PM

                Port 80 was disabled in rules and NAT.

                As soon as I enabled them, the certs renewed successfully.

                Thanks for pointing me in the right direction, much appreciated.
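
The fix in this thread was re-enabling port 80, which the Let's Encrypt HTTP validation connects to from the internet. As an added example (not from the thread or from le64), this Python check, meant to be run from a host outside the firewall, tells a silently dropped connection (timeout) apart from a refused or open one; the function names and hint texts are assumptions made here.

```python
import errno
import socket
import sys

# What each outcome of one TCP connect to the validation port suggests
# (wording added for this example).
HINTS = {
    "open": "something accepted the connection; the port is reachable",
    "refused": "the host answered with a reset; reachable, but nothing is "
               "listening or a reject rule replied",
    "timeout": "no answer at all; packets are being dropped, e.g. by a "
               "firewall block rule or a disabled NAT port forward",
}


def classify_connect(host, port=80, timeout=5.0):
    """Try one TCP connect; return 'open', 'refused', 'timeout' or 'error:<code>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        # Same symptom the ACME server reports as "Timeout during connect".
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        # DNS failures, unreachable networks and similar end up here.
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def report(host, port=80, timeout=5.0):
    """Return a one-line summary of the probe result with its hint."""
    result = classify_connect(host, port, timeout)
    hint = HINTS.get(result, "name resolution or routing problem")
    return f"{host}:{port} -> {result}: {hint}"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe80.py <public-hostname-on-the-certificate>")
    print(report(sys.argv[1]))
```

A probe from inside the LAN does not exercise the WAN rules or the NAT forward, so it can report "open" while the external validation still times out.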
