Reissue of certificate fails

MikeMcQ · June 23, 2022, 6:06pm

I wish I'd thought of that

Osiris · June 23, 2022, 6:37pm

A clear case of "TL:DR".

MikeMcQ · June 23, 2022, 6:39pm

Yes, I am not known for brevity

Jabbs · June 24, 2022, 8:05am

Quick update. Sorry it doesn't yet provide a solution.

Just thought I'd say that the curl results information has been passed to the parent company network team.

Also, is it possible to edit the screenshot in the beginning as the network team are concerned that private IP is shown...

JimPas · June 24, 2022, 2:42pm

Done.

Jabbs · June 24, 2022, 2:53pm

Thank you. I'm on a call now so will update later

Jabbs · June 24, 2022, 6:10pm

Firstly, may I thank you all in this thread who have contributed. The solution was indeed to create a rule on the Palo Alto firewall allowing acme-protocol to pass through. There were one or two other issues I think in the firewall which confused things for a while.

But ulitmately it was acme-protocol. Allow from public IP to internal IP. Initially this had been set to outbound only. Once it was set to inbound also, the site auto-renewed the certificate before I could make another manual attempt.

MikeMcQ · June 24, 2022, 6:38pm

Many thanks for confirming Palo Alto firewall. Very helpful.