Country blocking exception for Let's Encrypt renewal

Hello,

can anyone tell me how to define a valid country blocking exception for the Let's Encrypt service?

With country blocking enabled I get the error:

Let's Encrypt certificate renewal failed accessing Let's Encrypt service

I tried it with an exception on the DNS entry on letsencrypt.org (172.65.32.248) and acme-staging-v02.api.letsencrypt.org (172.65.46.172), but this doesn't seem to be the right way.

Can anyone help me out please?



  • FormerMember
    +1 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Can you please check if you have configured the country blocking exception for the "letsencrypt.org" and "acme-staging-v02.api.letsencrypt.org" as per the highlighted entries in the following table?  

    | Interface/remote host          | Requests    | Host/network                    | Countries                |
    |--------------------------------|-------------|---------------------------------|--------------------------|
    | Local interface                | Coming from | Enter a local interface address | Choose countries to skip |
    | Local interface                | Going to    | Enter a local interface address | Choose countries to skip |
    | Remote host (internal network) | Coming from | Enter an internal host/network  | Choose countries to skip |
    | Remote host (external network) | Coming from | Enter an external host          | Do not choose countries  |
    | Remote host (internal network) | Going to    | Enter an internal host/network  | Choose countries to skip |
    | Remote host (external network) | Going to    | Enter an external host          | Do not choose countries  |

    You could find more information by navigating to Network Protection > Firewall > Country Blocking Exceptions and then clicking on the "?" on the top right of the page.

    Thanks,

  • Sorry for my very very very late reply.

    Can you have a look at my exception in the Country Blocking? Do you see any issue here?

  • FormerMember
    0 FormerMember in reply to tomcek

    Hi ,

    Thank you for reaching out! 

    There’s one selected country; please remove it and see if that helps. 

    Thanks,

  • No, it doesn't make a difference. It always fails. Only disabling "United States [Off]" in Country Blocking would help. But that's no solution.

  • FormerMember
    +1 FormerMember in reply to tomcek

    Hi ,

    Thank you for the update. 

    You would need two exceptions, Going to and Coming from, for those external hosts. 

    Configure these two exceptions and don't select any countries. When you configure external hosts in the country blocking exceptions, it's not recommended to select countries. 

    Thanks,
