My domain is: clefus.homeip.net
I ran this command: New Cert and Retry. See below for log but here is a snippet:
2024:03:26-19:38:03 letsencrypt[27901]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-
It produced this output:
This is a partial output - trying not to post security / token etc info.
2024:03:26-19:48:03 letsencrypt[30564]: I Renew certificate: handling CSR REF_CaCsrCertletsen for domain set [clefus.homeip.net]
2024:03:26-19:48:03 letsencrypt[30564]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain clefus.homeip.net
2024:03:26-19:48:11 letsencrypt[30564]: I Renew certificate: command completed with exit code 256
2024:03:26-19:48:11 letsencrypt[30564]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
2024:03:26-19:48:11 letsencrypt[30564]: E Renew certificate: COMMAND_FAILED: ["status"] "invalid"
2024:03:26-19:48:11 letsencrypt[30564]: E Renew certificate: COMMAND_FAILED: ["error","type"] "urn:ietf:params:acme:error:connection"
2024:03:26-19:48:11 letsencrypt[30564]: E Renew certificate: COMMAND_FAILED: ["error","status"] 400
2024:03:26-19:48:11 letsencrypt[30564]: I Renew certificate: sending notification WARN-603
2024:03:26-19:48:11 letsencrypt[30564]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2024:03:26-19:48:11 letsencrypt[30564]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)
My web server is (include version): Sophos UTM 9.718-5
The operating system my web server runs on is (include version): See above.
I can log in to a root shell on my machine (yes or no, or I don't know): Yes - prefer not to for this... but can.
I have searched Google, this forum, and Sophos' forum and found both similar and different instances of this issue. I have tried creating an exception in web filtering, disabling (temporarily) country blocking, and much more... so far no luck in establishing the cert. I have an identical setup, with a similar dyn.dns domain at another location - have reviewed settings/compared and they seem to be the same. It was able to grab a certificate. I have also tried disabling the Let's Encrypt service and re-enabling. The only difference between the successful config and this one is which physical interface - although all the rules/config take this into account - which physical interface should not matter. It is acting as the WAN port just like the other physical port on the other device. I have also checked the CAs on the device and do not believe that is the issue.
Trying to get this cert on the actual Sophos device, not a server behind it.
Thank you in advance for your help!
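
An added example, not part of the original post: a Python triage script that regroups the per-line COMMAND_FAILED fragments of the UTM letsencrypt log by process ID and maps the ACME error URN to its RFC 8555 description. The names `summarize`, `ACME_ERRORS` and `SAMPLE_LOG` are illustrative; the sample lines are copied from the log above.

```python
import re

# Log lines copied from the post above (one renewal attempt, PID 30564).
SAMPLE_LOG = '''\
2024:03:26-19:48:03 letsencrypt[30564]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain clefus.homeip.net
2024:03:26-19:48:11 letsencrypt[30564]: I Renew certificate: command completed with exit code 256
2024:03:26-19:48:11 letsencrypt[30564]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
2024:03:26-19:48:11 letsencrypt[30564]: E Renew certificate: COMMAND_FAILED: ["status"] "invalid"
2024:03:26-19:48:11 letsencrypt[30564]: E Renew certificate: COMMAND_FAILED: ["error","type"] "urn:ietf:params:acme:error:connection"
2024:03:26-19:48:11 letsencrypt[30564]: E Renew certificate: COMMAND_FAILED: ["error","status"] 400
'''

# Subset of the ACME error types described in RFC 8555 section 6.7.
ACME_ERRORS = {
    "connection": "the CA server could not connect to the validation target",
    "dns": "there was a problem with a DNS query during identifier validation",
    "tls": "the CA server received a TLS error during validation",
    "unauthorized": "the client lacks sufficient authorization",
    "rateLimited": "the request exceeds a rate limit",
}

LINE = re.compile(r'^\S+ letsencrypt\[(\d+)\]: (.*)$')
# Matches the flattened JSON fragments, e.g. ["error","type"] "urn:..."
FIELD = re.compile(r'COMMAND_FAILED: .*?\[((?:"[^"]+",?)+)\]\s+"?([^"\s]+)"?\s*$')
DOMAIN = re.compile(r'--domain (\S+)')

def summarize(log):
    """Return one dict per renewal run (keyed by PID) that reported an ACME error."""
    runs = {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        run = runs.setdefault(pid, {"pid": pid})
        d = DOMAIN.search(msg)
        if d:
            run["domain"] = d.group(1)
        f = FIELD.search(msg)
        if f:
            # ["error","type"] becomes the key "error.type"
            key = ".".join(re.findall(r'"([^"]+)"', f.group(1)))
            run[key] = f.group(2)
    failed = [r for r in runs.values() if "error.type" in r]
    for r in failed:
        kind = r["error.type"].rsplit(":", 1)[-1]
        r["meaning"] = ACME_ERRORS.get(kind, "unrecognised ACME error type")
    return failed

if __name__ == "__main__":
    for run in summarize(SAMPLE_LOG):
        print(run)
```

For the log above it reports a `connection` error on an `http-01` challenge, meaning the CA's validation request to the domain did not get through.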