Hi Juergen,
Thanks for the reply. I allowed inbound port 80 to register the certificate which worked fine. My question is whether port 80 is required for the renewal of an existing certificate.
When you say:
“There https is used -> local initiated outbound port 443 is required (and answers, but that’s firewall specific).”
Do you mean that port 80 is not required for renewals? And I only need to allow port 443?
The tcpdump output indicates that this is the case but it would be great to get some confirmation.
Thanks!