My home UTM (9.713-19) has two internet connections, a primary over fiber (interface A), and a backup over DSL (interface B). For outgoing traffic, uplink balancing is used to create an active/passive setup, and there are some VPNs which are also configured for active/passive use.
Let's Encrypt is used to generate certificates for some development web servers I run. Both the virtual webserver and the Let's Encrypt definition use interface A. This has been working fine for quite a long time. The last successful renewal was on November 2nd.
Now I get the famous "failed to renew" emails.
On inspection of the log, I see that for some reason dehydrated is using the public IP of interface B to request the new certificate, which obviously doesn't work, as the WAF doesn't listen on that IP address.
Does anyone have any idea what is going on here? And how to fix this?