Sophos 21 Home Lets Encrypt Secondary Validation Fetch Timeout

Certificate request fails with secondary validation time out. I can see in the web server protection log viewer that the well known url is being requested with the unique value. I also briefly see that the temporary waf rule is created. Only thing to note is that the firewall is behind a router (DNAT in place and as mentioned i see the url being hit in the logs and the cert makes it to secondary validation unlike when there was no DNAT) and this is a bridged setup so no dedicated wan/lan.

Edited TAGs
[edited by: Raphael Alganes at 8:44 AM (GMT -8) on 6 Nov 2024]

Top Replies

jarrod beebe 2 days ago in reply to JanosRapcsak +2 suggested

I was able to generate a cert but had to disable geo filtering in another firewall. Are there plans to use DNS verification for LE?

Parents

0 rfcat_vk 15 days ago

Why have you posted this again?

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jarrod beebe 15 days ago in reply to rfcat_vk

Not sure what you mean. This is my first post since going to version 21. If someone has posted this same issue (second validation timeout) under the same configuration (bridged interface) ill gladly move to that thread if pointed out to me but i couldn't find one so created a new one.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 JanosRapcsak 15 days ago in reply to jarrod beebe

Hi jarrod beebe ,

could you please enable support access and send me the access ID in a PM?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 JanosRapcsak 15 days ago in reply to jarrod beebe

Hi jarrod beebe ,

could you please enable support access and send me the access ID in a PM?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 jarrod beebe 12 days ago in reply to JanosRapcsak

Were you able to find anything out?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Vivek Jagad 10 days ago in reply to jarrod beebe

Refer - Let's Encrypt certificate authority (CA)
And a techvid - Sophos Firewall v21: Let’s Encrypt - Sophos Techvids

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jarrod beebe 10 days ago in reply to Vivek Jagad

Thank you, but I have already followed these.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 JanosRapcsak 2 days ago in reply to jarrod beebe

AFAIK, this was caused by a configuration issue on an upstream firewall and has been resolved by jarrod beebe .

jarrod beebe can you please confirm if you managed to generate the Let's Encrypt certificates?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jarrod beebe 2 days ago in reply to JanosRapcsak

I was able to generate a cert but had to disable geo filtering in another firewall. Are there plans to use DNS verification for LE?
Cancel
Vote Up +2 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel
0 JanosRapcsak 2 days ago in reply to jarrod beebe

We're looking at DNS challenge method to be supported in a future version (no timeline available yet).
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel