We keep encountering the following error when attempting to create a Let’s Encrypt certificate on Sophos firewall as well as using win acme, and we’re not entirely sure what the root cause might be.
From what we can see, the path mentioned in the error (.well-known/acme-challenge/...) does exist. We’re unsure whether anything specific needs to be configured on the server side to allow Let’s Encrypt to fetch the URL successfully.
Should this path be created manually, or is there another step we might be missing? Could this be related to firewall or network restrictions?
It's very hard to help without the actual hostname and IP.
Well, it needs to be configured to be accessible from the Internet.
Generally not, no. Your ACME client should be configuring your server to respond as needed.
Uh, yes. The "Timeout during connect (likely firewall problem)" means what it says, that one of the attempts to connect to your server timed out (there wasn't a response to its request), which usually means that a firewall is blocking it.
This part of the error message means that from some perspectives (the "primary" one), it could connect to your system and validate, but not from some others, if that helps.
If you're not willing to tell people here your domain name, but are willing to enter it into some online tools, you might want to try some that connect from many places around the world to see where one might be having problems. One I like is https://check-host.net/ where you enter your name and click the "HTTP" button.
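To make the replies above concrete, here is an added example (not code from the thread, win-acme or Sophos) that reproduces, entirely on localhost, the HTTP-01 fetch the Let's Encrypt validator performs against `/.well-known/acme-challenge/<token>` and classifies what comes back: a 200 with the key authorization when the webroot is right, a 404 when the path is not served, a connection refused when nothing listens, and a timeout when a listener accepts but never answers. The hostname, ports, token and thumbprint string are all constructed for the demo; only the timeout outcome is simulated locally, since a real firewall drop shows up as a connect-phase timeout rather than a read timeout, and the classifier reports both.

```python
"""Offline reproduction of the ACME HTTP-01 fetch and its failure modes.
Added example, not from the original thread. Every host, port, token and
key-authorization value below is constructed for the demonstration."""
import functools
import http.server
import pathlib
import socket
import tempfile
import threading
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def fetch_challenge(host, port, token, timeout=2.0):
    """Fetch the challenge URL the way the validator does and classify the
    result as ok / http_error / refused / timeout / unreachable."""
    url = f"http://{host}:{port}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return ("ok", resp.status, resp.read().decode())
    except urllib.error.HTTPError as exc:
        # Server reachable, but the path is not served (404 => webroot mismatch)
        return ("http_error", exc.code, None)
    except urllib.error.URLError as exc:
        # Connect-phase failures are wrapped in URLError.reason
        reason = exc.reason
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return ("timeout", None, "connect")   # typical of a firewall drop
        if isinstance(reason, ConnectionRefusedError):
            return ("refused", None, None)        # port open on firewall, no listener
        return ("unreachable", None, str(reason))
    except (socket.timeout, TimeoutError):
        # Handshake completed, request sent, no response within the timeout
        return ("timeout", None, "read")


def serve_webroot(webroot):
    """Plain static server over the webroot, as an ACME client's webroot mode expects."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=str(webroot))
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def silent_listener():
    """Socket that completes the TCP handshake but never replies (simulated stall)."""
    sock = socket.socket()
    sock.bind(("127.0.0.1", 0))
    sock.listen(1)
    return sock


def closed_port():
    """Pick a local port that nothing is listening on."""
    sock = socket.socket()
    sock.bind(("127.0.0.1", 0))
    port = sock.getsockname()[1]
    sock.close()
    return port


def run_demo():
    """Exercise the four outcomes and return them keyed by scenario."""
    webroot = pathlib.Path(tempfile.mkdtemp())
    chal_dir = webroot / CHALLENGE_DIR
    chal_dir.mkdir(parents=True)
    token = "constructed-token-abc123"                     # constructed
    key_authz = token + ".constructed-account-key-thumbprint"  # constructed
    (chal_dir / token).write_text(key_authz)  # what the ACME client writes

    srv = serve_webroot(webroot)
    port = srv.server_address[1]
    results = {
        "present": fetch_challenge("127.0.0.1", port, token),
        "missing": fetch_challenge("127.0.0.1", port, "no-such-token"),
    }
    stall = silent_listener()
    results["silent"] = fetch_challenge("127.0.0.1", stall.getsockname()[1], token, timeout=0.5)
    results["refused"] = fetch_challenge("127.0.0.1", closed_port(), token, timeout=0.5)
    srv.shutdown()
    stall.close()
    return results


if __name__ == "__main__":
    for scenario, outcome in run_demo().items():
        print(f"{scenario:8s} -> {outcome}")
```

Running it prints one line per scenario; the "silent" case is the one that corresponds to the "Timeout" wording in the error message, while a 404 on "missing" points at the webroot the ACME client writes to not being the one the web server serves. Pointing `fetch_challenge` at a public hostname on port 80 turns it into a quick first-hop check, though, as the thread notes, a single vantage point cannot reproduce the multi-perspective validation that Let's Encrypt performs.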