Hey all, so I am getting the following error when trying to set up a letsencrypt certificate.
There was an error updating the certificate: Error ‘Requested host does not resolve to ‘xxx.xxx.xxx.242’ (Resolved to ‘xxx.xxx.xxx.243’ instead)’ when requesting
I am using a pfSense firewall with 1:1 NAT configured on xxx.xxx.xxx.243 which points to the local IP of the FreePBX.
The xxx.xxx.xxx.242 address is the public IP of the pfSense box.
I have confirmed by checking the states and logs in pfSense that pfSense is correctly performing 1:1 NAT on all outbound traffic; however, this error still persists. I can reach the PBX from its FQDN, and if I perform the letsencrypt manually from the command line it works. However, I have been doing this for months now as a workaround and keep meaning to raise this issue here.
Ah, I’ve solved my own problem so thought I would post here in case anyone else is experiencing the same problem.
In our case it was our Squid proxy server, which was capturing everything destined to port 80 and representing itself as the public IP of the pfSense. As soon as I whitelisted the IP of the PBX to pass through the proxy server, it immediately started to work again.
I can see a lot of people in bigger networks getting caught out by this; hopefully my experience will be of some assistance to someone else.
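A check for the condition described above, as an added example that is not part of the original posts: it scans Squid access.log lines for requests from the PBX's LAN address, which shows that its port 80 traffic is being handled by the proxy instead of leaving through the 1:1 NAT address. The log lines, the 10.0.0.50 address and the function names are constructed for illustration, and Squid's native access.log layout is assumed.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "time client result method url hierarchy peer")

# Constructed sample in Squid's native access.log layout (not from the post).
# 10.0.0.50 stands in for the PBX's LAN address; every address is a placeholder.
SAMPLE_LOG = """\
1700000000.101     45 10.0.0.50 TCP_MISS/200 512 GET http://validator.example/check - ORIGINAL_DST/198.51.100.7 text/plain
1700000003.220     12 10.0.0.21 TCP_MISS/200 2048 GET http://example.org/ - ORIGINAL_DST/198.51.100.9 text/html
1700000005.000     80 10.0.0.30 TCP_TUNNEL/200 4000 CONNECT example.org:443 - HIER_DIRECT/198.51.100.9 -
1700000009.874     30 10.0.0.50 TCP_MISS/404 310 GET http://validator.example/.well-known/x - ORIGINAL_DST/198.51.100.7 text/html
this line is truncated
"""


def parse_line(line):
    """Parse one native-format access.log line; return None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3] or "/" not in f[8]:
        return None
    try:
        ts = float(f[0])
    except ValueError:
        return None
    hierarchy, peer = f[8].split("/", 1)
    return Entry(ts, f[2], f[3], f[5], f[6], hierarchy, peer)


def proxied_requests(log_text, host_ip):
    """Every request the proxy handled on behalf of host_ip."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e.client == host_ip]


def diagnose(log_text, host_ip):
    """Summarise whether host_ip's web traffic is passing through the proxy."""
    hits = proxied_requests(log_text, host_ip)
    # ORIGINAL_DST is the hierarchy code Squid logs for intercepted
    # (transparent) requests, as opposed to clients configured to use it.
    intercepted = [e for e in hits if e.hierarchy == "ORIGINAL_DST"]
    return {
        "handled": len(hits),
        "intercepted": len(intercepted),
        "bypasses_proxy": not hits,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "10.0.0.50"))
```

Once the PBX is exempted from the proxy, `handled` for its address should stay at zero for new log entries.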