Cert manager fails on pi4

I have a Pi4b running with a sip trunk and my own local. I cannot get the certification manager to install a letsencrypt cert because it fails to find the server. Forwarded port 80 to server IP and still fails. In fact, all outside port forwarding to the server seems to fail except for the openvpn port which is also on the server. Using static IP in dhcpcd.conf. Port forwarding works in router as I forwarded port 80 to another computer running nginx and it works fine. Is this because I’m using openvpn on the same server/Pi4? Freepbx 16.x is version. It appears to me that some sort of http server is not visible from anywhere except the local lan on its fixed IP address. I’ve tried to access the GUI from outside the lan too and it fails no matter if I use the outside IP or domain name or dns forwarded domain… the freepbx gui is only available inside the local lan… Of course I don’t have access to any commercial modules since this is not a distro version… thanks

If you have

a Pi4b running with a sip trunk and my own local.

Then obviously your SIP signalling and media ports are being ‘forwarded’ properly. Can we assume you did that yourself? If so, then the same method should work for ACME HTTP-01 if you have a read/writable server running on port 80.

Perhaps moving to DNS-01 protocol would be a good path to explore if you have control over your DNS records, as it does not rely on port forwarding (nor even a webserver running).
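A way to test the HTTP-01 precondition discussed above before asking the CA to validate, as an added example that is not part of the thread or of FreePBX: it fetches a test file from the ACME challenge path over plain HTTP and classifies the result. The host name, token and file content are constructed placeholders; the test file is assumed to have been placed in the web root by hand, and the script should be run from outside the LAN.

```python
import http.client
import socket

# Path prefix that HTTP-01 validation requests (RFC 8555, section 8.3).
ACME_PREFIX = "/.well-known/acme-challenge/"


def probe_http01(host, token, expected_body, port=80, timeout=5.0):
    """Fetch the challenge URL over plain HTTP and classify the outcome.

    Returns (verdict, detail). Redirects are reported, not followed, so a
    forced http-to-https rewrite shows up explicitly.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token)
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace").strip()
    except socket.timeout:
        # Silence usually means dropped packets: missing forward or firewall.
        return "filtered", "no answer within timeout"
    except ConnectionRefusedError:
        return "closed", "refused: nothing listening, or a firewall rejects it"
    except OSError as exc:
        return "error", str(exc)
    finally:
        conn.close()

    if resp.status in (301, 302, 307, 308):
        return "redirect", resp.getheader("Location", "")
    if resp.status == 200 and body == expected_body:
        return "ok", "challenge file served as expected"
    return "wrong-content", "HTTP %d" % resp.status


if __name__ == "__main__":
    import sys
    # Constructed usage: probe.py pbx.example.org test-token test-content
    host, token, expected = sys.argv[1:4]
    print(*probe_http01(host, token, expected))
```

A "filtered" or "closed" verdict points at forwarding or a firewall on the path; "redirect" and "wrong-content" mean port 80 is reachable and the remaining problem is in the web server configuration.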

Hi, yes I set this up myself. What I can’t figure out is why even the Freepbx Gui doesn’t work outside the lan even though I forward port 80 to it … yeah I know it’s a risk. I cannot make a connection work outside the lan except for trunks. I have 2, one sip and one IAX which both work… it’s probably something simple … but the only outside phones that work are on a vpn which is also forwarded and works ok… If I didn’t know better I would think port 80 is blocked on the Pi4…

I should also add the only outside phones I have been able to connect are cell phones running openvpn clients to the server openvpn which is on the same box/pi4.

A well configured FreePBX system will have tls certificates appropriately installed; all connections to your server will rewrite http (port 80) to https (port 443).

If that is the case then only connections to your FQDN will succeed, any attempts to your IP address will fail (but dangerously leak info (another story)).

If you are ass halfed on your certificates, then disable any http to https redirection until well halfed.

Then this may have been caused by attempting to start tls without a certificate. Was trying to force using the self signed one. Not good. Any recourse?

To use TLS you WILL need a globally acceptable valid certificate, there is no way around that really.