Let's encrypt renewal only working with manual acme IP in /etc/hosts of Firewall

Started by dbuergin, January 12, 2021, 09:18:55 PM

Hi Guys,

I'm searching now for days, but obviously in the wrong places....

I was able to set up the acme let's encrypt plugin and create a new cert. But I was never able to renew the cert before I found out how to get around the errors (see acme_log_not_working.log).
If I add acme-v02.api.letsencrypt.org and its IP address to /etc/hosts of the firewall itself (via SSH as user root), it works!! But since /etc/hosts is automatically reset after a while, it's not a solution.

I did that now for three renewal periods, but I think it should work without.

Any idea what I'm doing wrong?

My Setup:

OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
OpenSSL 1.1.1i 8 Dec 2020
os-acme-client (installed)   2.2

WAN interface gets its IP/DNS stuff via DHCP from my provider.
LAN interface for local devices
WLAN interface for wireless devices
DMZ interface not used