Timeout during connect (likely firewall problem)

CBers · Nov 24, 2021, 4:47 PM

Hi.

I have been running pfSense (Hyper-VM) alongside nginx (Windows) for a few years now.

I recently un-virtualised pfSense and moved it to it's only hardware.

My LetsEncrypt certificates are due to expire soon, so I thought I'd renew them, but I am getting "Timeout during connect (likely firewall problem)" errors when I run the le64.exe command in my bat file (simple, I know).

It has worked many times previously, but not today.

I updated le64.exe to the latest version (0.38.0.0), but still getting the timeouts.

I assume there is something in pfSense blocking it, but for the life of me I cant figure it out.

Any pointers would be appreciated.

Thanks in advance.

stephenw10 · Nov 24, 2021, 5:02 PM

Do you seen anything blocked from that client in the firewall logs?

Are you running Snort or Suricata?

I assume that client can otherwise connect out to other sites fine?

Steve

CBers · Nov 24, 2021, 5:06 PM

@stephenw10 Everything is working fine, I just cannot renew the certs.

Access to the internet is fine from withing the LAN and remote access to the services behind the nginx rp is fine.

Thanks.

AndyRH · Nov 24, 2021, 5:11 PM

Am I correct the LetsEncypt wants to hit a web server (80) to renew the cert?

CBers · Nov 24, 2021, 5:13 PM

@andyrh said in Timeout during connect (likely firewall problem):

Am I correct the LetsEncypt wants to hit a web server (80) to renew the cert?

Ah, that might be why, as I have port 80 closed.

stephenw10 · Nov 24, 2021, 5:24 PM

Mmm, you should see that logged unless you have a specific block rule for port 80 without logging enabled.

Steve

CBers · Nov 24, 2021, 5:35 PM

Port 80 was disabled in rules and Nat.

As soon as I enabled them, the certs renewed successfully.

Thanks for pointing me in the right direction, much appreciated.