Now that I have time for more than a drive by response…
As mentioned in this partial list of forum posts LetsEncrypt certificate updates have broken the firewall horribly since the June 8th blog post.
There had been a couple of failed attempts to fix this, and the current stable versions firewall 15.0.6.20 and certman 15.0.25.3 are still broken.
The edge versions(firewall 15.0.6.29/certman 15.0.32) accept my fix. Both firewall and certman need to be updated.
I’ll be the first to call for more real world testing. The approach is enough of a departure it warrants community acceptance (or rejection) before being promoted to stable.
I also submitted a second round of improvements I think should be adopted before promoting to stable to allow for disabling all “automatic” LetsEncrypt rules.
Discussion is spread among multiple jira tickets making it difficult to follow, but if anyone cares:
https://issues.freepbx.org/browse/FREEPBX-21683
https://issues.freepbx.org/browse/FREEPBX-21734
https://issues.freepbx.org/browse/FREEPBX-21812
https://issues.freepbx.org/browse/FREEPBX-21822