Hello,
My router, running OPNsense, port forwards all unsolicited inbound port 80/443 TCP traffic to an intranet Synology box that relies on the vendor's scripts to renew the Let's Encrypt cert automatically. I would like to obtain an equivalent cert for the OPNsense box.
My attempts to obtain a Let's Encrypt cert through the OPNsense process fail with the following tail entries in the log:
code='400'
_ret='0'
payload='{}'
I understand that ports 80/443/tcp have to be open for the Let's Encrypt cert process. Since https://www.yougetsignal.com/tools/open-ports/ informs me that 80/443 is closed for the router (WAN facing) box, my question is how to enable this key configuration requirement without changing the existing port forwarding setting for unsolicited HTTP/S traffic that is working for my other uses of the Synology box?
I am a newbie. I have done enough self-inflicted damage to personal productivity by not seeking advice earlier. Key requirements:
- Retain Let's Encrypt cert renewal process for intranet Synology box
- Route all unsolicited inbound HTTP/S traffic to Synology box
- Obtain Let's Encrypt cert for OPNsense box
Any advice on securing a Let's Encrypt cert for the OPNsense box would be sincerely appreciated. Thanks.
Kind regards.
P.S. Using:
OPNsense 20.1.8-amd64
FreeBSD 11.2-RELEASE-p20-HBSD
OpenSSL 1.1.1g 21 Apr 2020