Update Firewall button not working - Let’s Encrypt

I have a couple of FreePBX installs that are using Let’s Encrypt certificates. They are all expiring in a few weeks and I am now receiving messages:

“Some Certificates are expiring or have expired
This is a critical issue and should be resolved urgently”

“There was an error updating certificate “certificate name removed”: couldn’t connect to host.”

I know that this is due to not having the proper access in the firewall for outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org. However, when I go to cert manager to fix this, pressing the Update Firewall button does not add these entries to the firewall. The screen just refreshes and then goes right back to saying that I need to press the update firewall button.

So 2 questions:

  1. How do I solve this issue?
  2. Are Let’s Encrypt certificates trying to renew automatically? They are only good for 3 months, so I assume there is a built-in mechanism to auto renew them. Is this true?

Thanks!

Manually add them to the firewall under zones->network.

Yes, but you are getting the message because they are unable to update automatically.

To the trusted network zone?

Good to know. I was wondering if I would have to do it manually every couple months. Thanks!

Yes - list those URLs as trusted networks.

Thanks, will do.

There is a bug with the “Update Firewall” button when pressed from an existing certificate. You need to fool the system by pretending to create a new Let’s Encrypt certificate. This prevents the auto renew function.

Select NEW Let’s Encrypt certificate. Press the “Update Firewall” button and it will work.
Go back out to certificate management and update your existing certificate.

http://issues.freepbx.org/browse/FREEPBX-13075

OK. I opened a bug report too.