Getting the following error requesting a Let's Encrypt certificate
"type":"urn:ietf:params:acme:error:connection"
"detail":"xx.xx.xx.xx: Fetching xxxxxxxxxxxx/.../mhmbdFphj1tfMCrRkrqqrp2CrgNY54ipSQeI66mcGFQ: Timeout during connect (likely firewall problem)"
"status":400
Sophos says:
There are three main things to check:
• First, that the firewall port can be reached on port 80.
• Second, that the domain in the certificate request resolves the interface selected.
• Third, that there is no DNAT rule configured on port 80, as this will supersede the inbound requests.
Firewall can't be reached on Port 80 - but my understanding is that port 80 is only opened for the time the certificate request is checked. I've done a packet capture on the interface WAN IP and Port 80 and nothing comes in.
The domain definitely resolves to the interface selected
There are no DNAT rules configured on Port 80
Notably, I'm using Sophos XGS in Azure - but there is an inbound rule in the NSG to allow all traffic and all ports
Any ideas?
Added TAGs
[edited by: Erick Jan at 8:01 AM (GMT -8) on 7 Nov 2024]
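The three checks Sophos lists (port 80 reachable, the name resolving to the selected interface, nothing else answering on port 80) can be run from an outside vantage point before re-requesting the certificate. The script below is an added example written for this thread; it is not code from the original post, from Sophos, or from Let's Encrypt. The IP address, domain and token are constructed placeholders, and the resolver, connector and prober are injectable so the logic can be exercised without network access; the status-code interpretation in the third check is a heuristic, not the responder's documented behaviour.

```python
import socket
import http.client
from dataclasses import dataclass, field

# Path every HTTP-01 validation request is fetched under (RFC 8555, section 8.3).
ACME_PATH = "/.well-known/acme-challenge/"


@dataclass
class PreflightResult:
    ok: bool = True
    findings: list = field(default_factory=list)

    def fail(self, msg):
        self.ok = False
        self.findings.append(msg)


def resolve_ipv4(domain, resolver=None):
    """Return the sorted IPv4 addresses for domain (resolver is injectable for tests)."""
    if resolver is not None:
        return sorted(resolver(domain))
    infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_connect(ip, port=80, timeout=5.0):
    """True if a TCP handshake to ip:port completes. A timeout here is the
    'Timeout during connect' case: the SYN never reaches a listener."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_probe(ip, domain, token, timeout=5.0):
    """GET the challenge URL from ip with the Host header set to domain.
    Returns the HTTP status code, or None if the request itself failed."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", ACME_PATH + token, headers={"Host": domain})
        return conn.getresponse().status
    except OSError:
        return None
    finally:
        conn.close()


def http01_preflight(domain, expected_ip, token="probe-placeholder", *,
                     resolver=None, connector=tcp_connect, prober=http_probe):
    """Run the three checks from the thread against one domain/interface pair.
    expected_ip is the WAN address of the interface selected for the request."""
    result = PreflightResult()

    # Check 2: the name must resolve to the interface selected for validation.
    ips = resolve_ipv4(domain, resolver)
    if expected_ip not in ips:
        result.fail(f"DNS: {domain} resolves to {ips or 'nothing'}, not {expected_ip}")
        return result
    if len(ips) > 1:
        result.findings.append(f"DNS: extra A records {ips}; the CA may pick any of them")

    # Check 1: port 80 on that IP must be reachable from outside.
    if not connector(expected_ip, 80):
        result.fail(f"TCP: no connection to {expected_ip}:80 (filtered upstream, NSG, or not listening)")
        return result

    # Check 3: whatever answers on port 80 should be the firewall's ACME responder,
    # not a DNAT target. A 3xx for the challenge path suggests another listener
    # (heuristic: a web server redirecting to HTTPS is the usual culprit).
    status = prober(expected_ip, domain, token)
    if status is None:
        result.fail(f"HTTP: connected to {expected_ip}:80 but the request failed")
    elif 300 <= status < 400:
        result.findings.append(f"HTTP: {status} redirect served for {ACME_PATH}; another service may be answering on port 80")
    else:
        result.findings.append(f"HTTP: {status} from {expected_ip} for the probe token")
    return result


if __name__ == "__main__":
    # Constructed placeholder values; replace with the real domain and WAN IP.
    report = http01_preflight("firewall.example.test", "203.0.113.10")
    print("OK" if report.ok else "FAIL")
    for line in report.findings:
        print(" -", line)
```

Run it from a host outside the Azure VNet, not from the LAN side of the XGS, since a hairpinned or internal path can succeed while the CA's external path is filtered. If, as the post suspects, the firewall only listens on port 80 while a request is in flight, start the certificate request and run the TCP check during that window; a timeout outside it proves nothing. A packet capture on the WAN interface that shows no SYN at all while the connector also times out points upstream of the firewall (the NSG, or a load balancer or public IP association in front of it) rather than at the XGS rule set.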