OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: mervynsword on December 07, 2018, 08:34:43 pm
-
Hi guys.
I am trying to use Caddy behind OPNsense as a reverse proxy, but there are some problems.
I have added NAT rules and firewall rules, as in the attachment.
But Caddy cannot get an HTTPS certificate. It showed: "failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://home.example.me/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXXX: Timeout during connect (likely firewall problem)"
The ACME request uses port 80 or port 443 to get the certificate, so I am thinking maybe it's a firewall problem, or worse, ports 80 and 443 are blocked by the ISP.
So I tried to run netdata in a Docker container, forwarding port 19998 (host) to 19999 (Docker) (because port 19999 is already in use by the netdata running on my host), and added a NAT rule to the firewall; it can be visited from the internet at http://home.example.me:19998.
So I changed the netdata Docker port forward from host 443 to Docker 19999, and of course added a NAT rule. The port test shows the host's port 443 can be reached from the LAN, but I can't visit netdata from the internet at http://home.example.me:443.
What makes this interesting is that the firewall log shows it allows the connection from the internet to the netdata Docker container. There is a screenshot in the attachment too.
I mean, I can't visit netdata at http://home.example.me:443, so maybe port 443 is blocked by the ISP? But if it is blocked, why are there logs showing the firewall accepted the connection?
-
Maybe your browser is confused. HTTP on port 443 is very uncommon, so it tries to speak HTTPS or expects an HTTPS answer.
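One way to tell the three outcomes in this thread apart (a connect timeout, a service speaking plain HTTP on 443, or a TLS server answering), written as an added example that is not from the thread: it sends a plaintext HTTP request over raw TCP and classifies the first bytes that come back. The host name, the challenge token and the sample reply bytes are constructed for illustration.

```python
import socket

# Constructed diagnostic, not from the forum thread. A browser hides the
# difference between "nothing answered" and "something answered in the
# wrong protocol"; a raw TCP probe does not.
TIMEOUT = "timeout"        # no SYN/ACK or no reply: filtered upstream or NAT/firewall issue
REFUSED = "refused"        # reached a host, but nothing listens on that port
CLOSED = "closed"          # peer accepted, then closed without sending anything
PLAIN_HTTP = "plain-http"  # an HTTP server answered (what a browser would choke on at :443)
TLS = "tls"                # a TLS server answered a plaintext request with a TLS record
UNKNOWN = "unknown"


def acme_challenge_path(token: str) -> str:
    """Path an ACME HTTP-01 validator fetches for the given token."""
    return f"/.well-known/acme-challenge/{token}"


def build_probe_request(host: str, path: str = "/") -> bytes:
    """Minimal HTTP/1.0 request; HTTP/1.0 so the server closes after one reply."""
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii")


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sent back to a plaintext HTTP request."""
    if not data:
        return CLOSED
    if data.startswith(b"HTTP/"):
        return PLAIN_HTTP
    # TLS record header: content type 0x15 (alert) or 0x16 (handshake),
    # followed by the record-layer version 0x03 0x0X.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return TLS
    return UNKNOWN


def probe(host: str, port: int, path: str = "/", timeout: float = 5.0) -> str:
    """Connect from the outside (not from the LAN) and report which case applies."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_probe_request(host, path))
            data = sock.recv(512)
    except (socket.timeout, TimeoutError):
        return TIMEOUT
    except ConnectionRefusedError:
        return REFUSED
    return classify_reply(data)


if __name__ == "__main__":
    # home.example.me and the token are placeholders taken from the thread's wording.
    print(probe("home.example.me", 443, acme_challenge_path("XXXXXXXXXXXXXXXXXXXX")))
```

Run it from a host outside the LAN: "timeout" matches the ACME error in the thread, while "plain-http" matches the reply's explanation that the browser is confused rather than the port being blocked.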