Trying to set up a cert for the first time on FPBX. I’m following Crosstalk’s video instructions for v15. I changed the admin port to 8080 and have letsencrypt running on port 80. I have the FPBX firewall completely disabled (on purpose) and would prefer to keep it that way if possible, as I’m behind a hardware firewall and prefer to manage traffic there. This is the error message that I get when generating a new let’s Encrypt certificate:
LetsEncrypt Generation Failure
Unable to update challenge :: authorization must be pending
- Token did not match
- The FreePBX Firewall is not enabled.
- The LetsEncrypt servers only send challenge queries to port 80. Certificate requests will fail if public access via port 80 is not available.
Processing: pbx.intentionallyhidden.net, Local IP: 127.0.0.1, Public IP: 173.10.xxx.xxx Self test: trying http://pbx.intentionallyhidden.net/.freepbx-known/98f320aff626b44b0826d768d0f907c5 Self test: received 98f320aff626b44b0826d768d0f907c5 Token did not match Getting list of URLs for API Requesting new nonce for client communication Account already registered. Continuing. Sending registration to letsencrypt server Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct Account: https://acme-v02.api.letsencrypt.org/acme/acct/1973468937 Starting certificate generation process for domains Requesting challenge for pbx.intentionallyhidden.net Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/409800162387 Got challenge token for pbx.intentionallyhidden.net Token for pbx.intentionallyhidden.net saved at /var/www/html/.well-known/acme-challenge/yY65OJGjhSDWJvWSAsK4x_RRghBaRPOdmt9PeXIPc9k and should be available at http://pbx.intentionallyhidden.net/.well-known/acme-challenge/yY65OJGjhSDWJvWSAsK4x_RRghBaRPOdmt9PeXIPc9k Sending request to challenge Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/409800162387/9UsgQQ Verification pending, sleeping 1s Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/409800162387/9UsgQQ