I am having an issue trying to get a cert via Let’s Encrypt.
If I set port 80 for admin or UCP I can get to the interfaces from outside my network. This tells me that my port forwarding and external DNS are working just fine. Also, it prompted me to add the incoming sites to the firewall (the 2 for LE and the 2 for FreePBX.org), which I did do.
So I went into Port Management and changed the admin port to 8080, and set the Let’s Encrypt port to 80, but when I try to get a LE cert it times out and tells me it can’t get the token. I also cannot manually browse to the URL it is trying to get to from outside the network either (it does work internally).
So I am at a loss as to what the issue is. I have ruled out my port forwarding, and obviously the FreePBX firewall allows for port 80 to work from internally and externally. So what’s left to check?
So I turned off the firewall and it worked just fine, now I have the cert. Then I turned the firewall back on. So here’s my question, what is the FW blocking? As I said, I did add the 4 sites the UI told me to.
Is there a CLI command that can allow me to see, in real-time, what the firewall is blocking?
Try iptables -L
I would assume that when you change the admin port to 8080, FreePBX Firewall unblocks 8080 and blocks 80. If you have something else running on 80 you would need to unblock it separately.
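For the question above about seeing what the firewall is blocking, an added example (not part of the original thread and not FreePBX code): it compares two `iptables-save -c` snapshots, taken before and after a failed request, and lists the DROP/REJECT rules and DROP chain policies whose packet counters increased. The function name `blocked_delta` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which DROP/REJECT rules (or DROP chain policies) counted
# new packets between two `iptables-save -c` snapshots.
# Live use, as root:
#   iptables-save -c > before.txt    # then retry the certificate request
#   iptables-save -c > after.txt && blocked_delta before.txt after.txt

blocked_delta() {
  awk '
    # Packet count from a "[packets:bytes]" counter field.
    function pkts(s, c) { sub(/^\[/, "", s); split(s, c, ":"); return c[1] + 0 }
    /^\*/ { table = substr($1, 2); next }          # table header, e.g. "*filter"
    { what = "" }
    /^:/ && $2 == "DROP" {                         # policy line ":INPUT DROP [5:300]"
      n = pkts($3); what = "policy " substr($1, 2) " DROP"
    }
    /^\[[0-9]+:[0-9]+\] -A / {                     # rule line "[3:180] -A INPUT ..."
      n = pkts($1); what = $0; sub(/^[^ ]+ /, "", what)
      if ((what " ") !~ / -j (DROP|REJECT) /) what = ""
    }
    what == "" { next }                            # ACCEPT rules, COMMIT, comments
    {
      # Number identical rules so duplicates in one chain do not collide.
      key = table SUBSEP what SUBSEP (++dup[NR == FNR, table, what])
      if (NR == FNR) { before[key] = n; next }     # first file: remember counters
      if (n > before[key]) printf "+%d %s %s\n", n - before[key], table, what
    }
  ' "$1" "$2"
}

# Constructed snapshots (not output from a real system), run in a subshell.
demo() (
  d=$(mktemp -d)
  cat > "$d/before" <<'EOF'
*filter
:INPUT DROP [40:2400]
[100:6000] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
  sed -e 's/^\[3:180\]/[9:540]/' -e 's/^\[100:6000\]/[120:7200]/' \
    "$d/before" > "$d/after"
  blocked_delta "$d/before" "$d/after"
  rm -rf "$d"
)

demo
```

Each output line starts with the number of packets the rule or policy matched between the two snapshots, followed by the table and the rule text.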