Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Thank you for the response.
I know I have outbound connectivity because a) I have clients behind that firewall that aren't screaming and b) I am accessing it remotely.
Ports 80 and 443 are blocked inbound from outside with the exception of a handful of trusted IPs that we access the device from. Since we are masking the u/i login to the device I cannot open those ports to the world. I can, however, turn on ping on that address to prove outbound connectivity.
Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Thus you need to own and have control over the Domain Name (or have a subdomain under an existing domain name, for example pointed to your server by your employer or school) you wish to obtain a certificate for, from an ICANN Accredited Registrar.
Since these are Domain Validation (DV) certificates the Domain Name System (DNS) is used extensively in the validation process as well a allowing us to assist here on Let's Encrypt community.
DNS Queries need to give consistent results from any location on the Internet, all your authoritative DNS Servers for the Domain need to also give consistent results as well.
You should allow access to the path /.well-known/acme-challenge/ regarding the remote IP address. Let's Encrypt validates from multiple points across the globe and there is not a list of IP addresses used. If that's not possible, you could use the dns-01 challenge.
Yes, using the Cloudflare DNS challenge with all of the requisite information. I should also note that this system has been in place about 2 years and has been working fine until the last several weeks.
So, this is weird. Curl is installed. Issuing which curl gives me /usr/local/bin/curl, but running any of your suggested curl requests just drops back to the command line with no output in either the diagnostics -> shell command or from the console. I know this isn't right as I can run the command from another pfsense device and get a full response.