Generating Let's Encrypt Certificate - requested host does not resolve to IP

Hello,

I have a FreePBX v14 system running. It works great :)
But there is one thing I have not yet been able to get past.

I have tried to generate a Let's Encrypt certificate for this machine using the FreePBX administration web frontend for certificates (Admin -> Certificate Manager -> Create New Lets Encrypt Cert).

These are my system's details (values slightly modified, ONLY A SIMILAR EXAMPLE FOR DEMONSTRATION!):

Hostname: srv01.xyz.com
IP: 218.17.123.123
Version: FreePBX 14.0.1.4 (from latest official distro)

DNS entry for xyz.com:
A 3600 srv01 218.17.123.123

Let's Encrypt cert details:
Certificate Host Name: srv01.xyz.com

This is the error output on generation:
There was an error updating the certificate: Error ‘Requested host ‘srv01.xyz.com’ does not resolve to ‘91.130.242.22’ (Found 213.17.123.123)’ when requesting “srv01.xyz.com//.freepbx-known/c70667a06e8fb13d35fb770ddc2c0023

The strange thing is, I can reach the URL srv01.xyz.com//.freepbx-known/c70667a06e8fb13d35fb770ddc2c0023 without any problems from outside with any browser and the response does come from the host/apache with the IP 213.17.123.123.

Firewall module is enabled and configured on the pbx, the needed LE exclusions were made.

The IP which was resolved by the LE module, “91.130.242.22”, seems to be the last IP before my ISP hands over the connection to my network.
In my network, the PBX device is in a DMZ and a public IP is set for it.
I have no other active firewall. I also cannot imagine that my ISP blocks any ports, as all parts of the device are reachable (ssh, apache, ssl etc.) from outside.

How does the certificate manager resolve the IP? Does it need any further settings?
Why does it resolve to the last gateway of my ISP and not to what is set in the DNS entry?

I am curious about that. Please help! Thank you!

Hello,

OK, I've discovered one strange thing.

My network settings for the PBX are as follows (in System Admin Module):

Type: Static
IP: 218.17.123.123
Gateway: 218.17.123.122

If I now go to “Asterisk SIP Settings” and click on “Detect Network settings”, the resolved external IP there is set to 91.130.242.22.

How does FreePBX/Asterisk resolve the external IP??

FreePBX does not resolve that IP. You hard set that IP in SIP Setting module. Update it and you should be good to go.

You also can’t just “make up” a domain. The domain has to be resolvable and open on port 80.

Hello,

fixed it :)

My router did a NAT translation on the initial packet, so what the LE service was receiving was not my (configured) static IP but instead my secondary dynamic IP, which is assigned by my provider to the modem on every PPPoE connection. So turn off NAT if it's behind a subnet.

Thanks anyway!
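
The mismatch described in this thread, as an added example (not from the original posts and not FreePBX code): a Python check that compares the host's published A records, the address configured on the interface, and the source address an outside server sees. The function names are hypothetical, the sample addresses are the ones quoted in the thread, and because the page does not show how Certificate Manager obtains its external IP, the egress address is passed in as an assumed input.

```python
import ipaddress
import socket


def resolve_a(host):
    """Live helper: IPv4 addresses the local resolver returns for host."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def diagnose(a_records, interface_ip, egress_ip):
    """Classify why a 'host does not resolve to <IP>' pre-check fails.

    a_records    -- A records published for the certificate host name
    interface_ip -- address configured on the PBX network interface
    egress_ip    -- source address an outside server sees (assumed input,
                    e.g. reported by a host you control outside the network)
    """
    records = {ipaddress.ip_address(a) for a in a_records}
    iface = ipaddress.ip_address(interface_ip)
    egress = ipaddress.ip_address(egress_ip)

    if egress in records:
        # Outbound traffic leaves with the address DNS points at.
        return "ok"
    if iface in records:
        # DNS matches the interface, so inbound works, but the router
        # rewrites the source of outbound packets (the case in this thread).
        return "egress-nat"
    if iface.is_private:
        # Host sits behind NAT and DNS points at neither address.
        return "private-address"
    # Public interface address, but DNS points somewhere else entirely.
    return "dns-mismatch"


if __name__ == "__main__":
    # Constructed inputs using the addresses quoted in the thread.
    print(diagnose(["218.17.123.123"], "218.17.123.123", "91.130.242.22"))
```

For a live check, pass `resolve_a("your.host.name")` as the first argument and the address reported by a machine outside your network as the third.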

"So turn off NAT if it's behind a subnet." - You did this in your router?