This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Let'sEncrypt Allow Certificate Check Through Firewall

Good evening,

I recently deployed an internal Matrix-Synapse home server to act as a chat server for my team. I opened the firewall to perform a Let'sEncrypt certificate install and subsequently closed my firewall again blocking all traffic.

At present, users cannot connect as the certificate cannot be verified. I know that Let'sEncrypt do not publish their IP, but do they offer another means? Perhaps a simple DNS? I would like to know if there is a firewall rule that I could implement to allow checking of the certificate only?

Any help would be greatly appreciated.

This thread was automatically locked due to age.

Parents

0 apijnappels over 7 years ago

I believe for a LE certificate to be issued, your server must be reachable on ports 80 and 443.

Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
Cancel
Vote Up 0 Vote Down

Cancel
0 fake user over 7 years ago in reply to apijnappels

Thanks for your reply.

I already have the certificate issued I just need internal users (that have no internet) to be able to connect without a certificate error. I need to know which ip, dns, ports to open to allow the the certificate check to occur.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 fake user over 7 years ago in reply to apijnappels

Thanks for your reply.

I already have the certificate issued I just need internal users (that have no internet) to be able to connect without a certificate error. I need to know which ip, dns, ports to open to allow the the certificate check to occur.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data