LetsEncrypt update error

Thanks for the reply - however, I was using that service in Sysadmin (at least I’m pretty sure I was - it’s new on the port list and I’ve never seen it on other Sangoma PBX boxes I’ve deployed) but the PBX Firewall was still blocking access to it (at least it appears that way). The service was accessible to any address on the PBX firewall whitelist, but it wasn’t until I disabled the firewall on the PBX that the Let’s Encrypt certificate could be added.

Is there a separate exception I need to add to the PBX Firewall? Maybe a custom service? I scoured the forums and documentation for a couple hours before resorting to disabling the firewall.

I’ve just had this problem and successfully solved it. This is what I did:-

Admin / System Admin / Port Management
Changed the “Admin” port to 8080.
Changed the “LetsEncrypt” port to 80.
Ensure all other ports are not set to 80.
Click “Update Now”

Connectivity / Firewall / Services
Unset all “Web Management” zones (leave Web Management (Secure) as is).
Click “Save”

Connectivity / Firewall / Custom Services
Create new Service:
Description: LetsEncrypt
Protocol: TCP
Port Range: 80
Save
Set “Internet” and “local” then click the green check mark to save changes.
(I included “local” as the outbound.letsencrypt.org and mirror.freepbx.org hosts are in this zone by default).

External Firewall (if present)
Enable/Forward TCP port 80 any
(this is the only port accessible to the Internet)

Admin / Certificate Management
Click “Edit” icon next to Let’s Encrypt certificate
Click “Update Certificate”

If anyone can offer any improvements on the above please feel free to reply. I’m uncomfortable leaving any port open to the Internet but believe the above to be “safe” and the only option for LetsEncrypt automatic renewals going forward.

I hope this helps.
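For the concern in the post above about leaving port 80 open, a check run from a host outside the network against your own PBX shows what that port actually answers. This is an added example, not part of the original thread or FreePBX code; the function names, the probe token and the list of non-challenge paths are assumptions.

```python
import http.client
import sys

ACME_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 challenge path
# Assumption: paths that should NOT answer on the Let's Encrypt port.
NON_ACME_PATHS = ("/", "/admin/config.php")

def probe(host, port, path, timeout=5):
    """Return the HTTP status of GET path, or None if nothing answers."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path)
        status = conn.getresponse().status
        conn.close()
        return status
    except (OSError, http.client.HTTPException):
        return None

def audit_port80(host, port=80, non_acme_paths=NON_ACME_PATHS):
    """List problems with what the port opened for Let's Encrypt serves."""
    # Constructed token: a responder limited to challenges should not return 200.
    status = probe(host, port, ACME_PREFIX + "constructed-probe-token")
    if status is None:
        return ["port unreachable: HTTP-01 validation cannot succeed"]
    findings = []
    if status == 200:
        findings.append("unknown challenge token returned 200")
    for path in non_acme_paths:
        # Redirects and errors are tolerated; only served content is flagged.
        if probe(host, port, path) == 200:
            findings.append(f"{path} is served on port {port}")
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_port80.py <pbx-hostname>")
    for line in audit_port80(sys.argv[1]) or ["only the challenge path answers"]:
        print(line)
```

An empty result means the port is reachable and nothing outside the challenge path returned content; any finding about a served path means the Admin port move or the Web Management zone change did not take effect.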

A possible solution (thanks to Jaques Paquin) is:

In Admin-System Admin-Hostname, put in the hostname that LetsEncrypt was trying to find and voila everything worked.
