I'm not exactly sure how to start debugging this error. I've built lego from source and also tried using the Docker image; however, I'm getting the same result. My host system is Fedora. I'm using a CSR in an attempt to obtain LE certs. The reason for using this method is that IPA has a specific private key, and I'm using the FreeIPA httpd private key to generate the CSR in an attempt to then obtain an LE SSL certificate. Other methods (https://github.com/freeipa/freeipa-letsencrypt/tree/master) use the HTTP webroot challenge, and I'm basically trying to get around opening a port and use the DNS challenge to accomplish the same task. Here are my two scenarios:
When running both scenarios I get a similar output to the following:
Am I not passing the appropriate parameters to lego to accomplish this task?
-
Hello, the most important part is

Your DNS (maybe there is a firewall) refused the DNS calls.
-
Thanks for pointing me in the right direction with the query. I had a NAT firewall rule redirecting port 53 requests to the pfSense firewall itself -- this was suggested in the pfSense documentation. Anyway, I disabled the NAT firewall rule and was able to obtain a certificate. Thanks a lot for pointing me in the correct direction -- fairly certain I would have never figured the problem out without some useful guidance.