So, I have a bunch of web servers on my DMZ that are NATed externally with static IPs on my UTM using the classic DNAT/SNAT rules. It all works well except when I generate a new Let's Encrypt certificate or try to renew an existing one (either manually or by allowing the UTM to do its automatic bit). The only way out that I have been able to master so far is to manually disable the DNAT/SNAT rules, force a manual renew (which works) and then re-enable DNAT/SNAT until next time. Has anyone gone through a similar issue? What am I doing wrong/not doing? (No, I do not use country blocking, and yes, ports 80 and 443 are open in the firewall rules.) Below is a sample of the log; I'll appreciate any advice.