I have a problem getting a certificate from my Unraid server with LE in Docker behind a pfSense router. My ISP is CGNAT, but I am able to connect to a Raspberry Pi 3B with PiVPN with a public IP. I tried port forwarding in my Pi with this command:
and port forward them from pfSense to the Unraid server
but when I try to validate my subdomains it says firewall issue. I port forwarded those ports in the Pi behind an Asus router and I can SSH through the domain to the Pi. So I think the problem is the port forward from the Pi to the Unraid server?
You need to validate that your config “works” before trying to get a cert for it.
[you probably aren’t even using the staging system]
Your configuration is incomprehensible.
The first picture shows it NATing the same IP and port to itself.
Which I take to be intended as port forwarding.
But the rule also is requiring the source port to also match the destination port.
That is highly unlikely to ever happen.
Thanks for the reply. My current setup is like this
I tried to forward the port of the LE container in the VP1_WAN interface and in the OpenVPN interface in pfSense. I also tried adding a rule to pass any, but unfortunately it is not working. I set the staging variable in the container to true. I have been trying to figure this out for a while and I cannot find where my mistakes are.
Honestly, this type of task doesn’t lend itself well to remote debugging and is off-topic for this forum, but perhaps you can try using packet captures on each device to see where the traffic begins to be dropped.
He seems to have it more like:
AC66U-ingress:80 --> 192.168.2.10:80 --> 10.0.0.50:180 (Docker container) [through pfSense]
But the rules are nowhere near that.
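The chain sketched above, traced hop by hop with and without a source-port condition on a forwarding rule, as an added example that is not from any poster in the thread. The rule model is a simplification (not pfSense or iptables syntax); the hop the source-port rule sits on, the WAN address `203.0.113.10` and the client source port are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_port: int  # picked by the connecting client, normally ephemeral
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Forward:
    """One port-forward rule on one hop; match_src_port=None means any."""
    hop: str
    match_dst_port: int
    to_ip: str
    to_port: int
    match_src_port: Optional[int] = None

    def apply(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_port != self.match_dst_port:
            return None
        if self.match_src_port not in (None, pkt.src_port):
            return None
        return Packet(pkt.src_port, self.to_ip, self.to_port)


def trace(pkt, chain):
    """Return (packet as last seen, hop that dropped it or None)."""
    for rule in chain:
        out = rule.apply(pkt)
        if out is None:
            return pkt, rule.hop
        pkt = out
    return pkt, None


# Hops and ports from the chain sketched in the thread.
ANY_SOURCE = [Forward("AC66U", 80, "192.168.2.10", 80),
              Forward("192.168.2.10", 80, "10.0.0.50", 180)]
# Same chain, but the second hop also demands source port 80 (assumed placement).
SRC_PINNED = [ANY_SOURCE[0],
              Forward("192.168.2.10", 80, "10.0.0.50", 180, match_src_port=80)]

# Constructed validation request: placeholder WAN address, ephemeral source port.
PROBE = Packet(src_port=51514, dst_ip="203.0.113.10", dst_port=80)

if __name__ == "__main__":
    for name, chain in (("any source", ANY_SOURCE), ("source pinned", SRC_PINNED)):
        final, dropped_at = trace(PROBE, chain)
        print(f"{name}: last seen {final.dst_ip}:{final.dst_port}, dropped at {dropped_at}")
```

The hop reported for the source-pinned chain is where a packet capture would show the request arriving with nothing forwarded onward.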
Yes, the AC66U is not behind CGNAT and has a public IP.
When I connect my PC through the VP1_WAN gateway it can access the internet with the AC66U public IP. It is about port forwarding, I guess? I already port forwarded ports 80 and 443 in the Asus router to the Raspberry Pi. I also tried whether I can access it through SSH over the public IP and it's working.