
Sophos UTM blocking access to acme-challenge

I am using Sophos UTM and need a certificate for OpenSSL. Therefore I tried to install Certify the Web.
For the mail server I am using a Sophos certificate and the `Exchange Server Webservices` firewall profile!
If I try to access a file inside inetpub\wwwroot\.well-known\acme-challenge via the internet, I get the error message

Access to the requested URL was blocked!

I guess this is not normal access to the Exchange server and is therefore blocked!

Is there any solution to get it working?



This thread was automatically locked due to age.
  • Have you thought about using the DNS challenge instead of HTTP(S)? I use the DNS challenge on all my servers, given it's easier to implement than having to open ports 80/443 for inbound. The DNS challenge relies on using an API to access your domain's DNS settings to create a temporary TXT record with the validation token. Let's Encrypt then verifies this token.

    https://letsencrypt.org/docs/challenge-types/ - look up dns-01 challenge

    Looks like Certify the Web does support the DNS challenge as well. Who is your domain registrar?

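For reference, what the CA actually checks in a dns-01 validation (RFC 8555 section 8.4): the TXT record at `_acme-challenge.<domain>` must hold base64url(SHA-256(token "." account-key-thumbprint)), not the bare token. The following is an added example, not code from this thread or from Certify the Web; the JWK, the token and the domain are constructed values.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as ACME (RFC 8555) requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    serialised in lexicographic order with no whitespace. Optional
    members such as "use" or "alg" must not influence the result."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record_name(domain: str) -> str:
    """Name the CA queries: _acme-challenge.<identifier>."""
    return "_acme-challenge." + domain.rstrip(".")


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT value = base64url(SHA-256(keyAuthorization)), where
    keyAuthorization = token '.' thumbprint(account key)."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def dns01_validates(token: str, account_jwk: dict, published) -> bool:
    """The CA-side check: some TXT record at the challenge name equals the
    expected value. Resolvers often return TXT data in quotes, so strip them."""
    expected = dns01_txt_value(token, account_jwk)
    return any(v.strip('"') == expected for v in published)


# Constructed sample input (not a real account key or challenge token).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "use": "sig",
              "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
SAMPLE_TOKEN = "constructed-token-from-CA"

if __name__ == "__main__":
    name = dns01_record_name("mail.example.com")
    value = dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'{name}. 120 IN TXT "{value}"')
```

Because the value is bound to the account key, publishing the token itself (or a record from another ACME account) does not pass validation; that is also why a short TTL and prompt cleanup of the record are sufficient.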

  • It was a few years ago; I couldn't get [DNS] working, because I don't have direct access. There is a DNS in front of my own DNS, because I have only one static IP and not two.

  • Who provides your DNS? Perhaps time to move? I switched to Cloudflare back in 2018. Their prices are competitive and features plentiful. I don't have a static IP either, rather a semi-static one that changes about twice a decade. The DNS challenge does not require a static IP.