Problem with LetsEncrypt

Hey all, so I am getting the following error when trying to set up a letsencrypt certificate.

There was an error updating the certificate: Error ‘Requested host does not resolve to ‘’ (Resolved to ‘’ instead)’ when requesting

I am using a PFSense firewall with 1:1 NAT configured on which points to the local IP of the FreePBX.
the address is the public IP of the PFSense box.

I have confirmed by checking the states and logs in PFSense that PFSense is correctly performing 1:1 NAT on all outbound traffic, however this error still persists. I can reach the PBX from its FQDN and if I perform the letsencrypt manually from command line it works, however I have been doing this for months now as a workaround and keep meaning to raise this issue here.

If I obtain my public IP from command line using dig.(I am unable to post the command used as I am an new user however once this restriction is released I can do so) is correctly returned,


curl (which I understand is what Freepbx uses to obtain the boxes IP) returns

I am completely at a loss to understand how it is returning this address, in the firewall states the only thing I can find that looks dubious is as follows.

:46924 -> ( FIN_WAIT_2:FIN_WAIT_2 7 / 6 447 B / 728 B

NB: is the public IP of

Anyone got any clues???

Despite the 1 to 1 nat (double check that config), pfsense is sending outbound requests from the .242 address. That part is a pfsense issue.

But… the failure of LetsEncrypt with such a config is the FreePBX nanny getting in the way. FreePBX makes some just plain dumb network assumptions. It’s a known issue reported at

I might post a PR if @kgupta1 or someone at Sangoma can indicate which proposed approach to take. I would just remove the lechecker.php process completely if given a choice.

Ah, I’ve solved my own problem so thought I would post here in case anyone else is experiencing the same problem.

In our case it was our Squid Proxy server which was capturing everything destined to port 80 and representing itself as the public IP of the PFSense. As soon as I whitelisted the IP of the PBX to passthrough the proxy server it immediately started to work again.

I can see a lot of people in bigger networks getting caught out by this, hopefully my experience will be of some assistance to someone else.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.