Off topic: FMS can't get Let's Encrypt cert

Hi all,

Andrew from proof+geist asked me to post here although at this point I’m convinced we’ll need to engage with the team for some professional help in order to get to the bottom of the issue.

The problem we’re experiencing is that we’re unable to successfully complete the Let’s Encrypt certificate request or renewal on any of our 4 FileMaker Servers. We’re running the latest FMS 22.04.427 on 3 of them and 22.02.204 on the 4th. All are running on 22.04 LTS. We’ve been working with our IT, firewall, security folks to try to identify what’s changed since this worked a couple months ago. We think it likely has something to do with port 80, although our folks assure us that the Palo Alto firewall rules are allowing the traffic. And from what I can tell when they show us, it looks like the logs prove they’re right. We’ve also looked at logs on the servers and can’t find a smoking gun there either. Of course, we’re missing something. But, we’re about out of troubleshooting ideas. Any similar experiences?

Regards and thanks in advance for any input,
-Mike

I had a similar situation recently. I had originally been using my own script for SSL renewal that would allow/deny 80/tcp before/after renewal. When I then tried to use the built in FMS feature, it was trying to allow/deny 80 (without the more specific /tcp). The result was that both methods broke, because either 80 or 80/tcp were always listed as DENY, and this would overrule either one being in an ALLOW state.

Try running ufw allow 80, then see if you can reach your web server over HTTP from outside.

If that doesn't work, run sudo ufw status to see if there are any other deny rules for port 80. If there are, you'll need to remove those.
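An added example (not from either poster) that scans the text of sudo ufw status for the conflict described in the reply: a DENY rule written as "80" overriding an ALLOW written as "80/tcp", or vice versa. The ufw status output below is a constructed sample; on a real host pass "$(sudo ufw status)" instead.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status` output showing both spellings of the
# port 80 rule at once, which is exactly the state that breaks HTTP-01 renewal.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80                         DENY        Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80 (v6)                    DENY        Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)'

# Print every rule whose "To" column is port 80 in any form (80, 80/tcp, 80/udp,
# with or without the "(v6)" suffix) and whose action is DENY.
# Usage: port80_denies "$(sudo ufw status)"
port80_denies() {
    printf '%s\n' "$1" | awk '
        $1 == "80" || $1 == "80/tcp" || $1 == "80/udp" {
            # For IPv6 rows the action is shifted one field right by "(v6)".
            action = ($2 == "(v6)") ? $3 : $2
            if (action == "DENY") print
        }'
}

# Succeed (exit 0) only if port 80 has at least one ALLOW rule and no DENY rule,
# i.e. the Let'\''s Encrypt HTTP-01 check can reach the web server.
port80_reachable() {
    denies=$(port80_denies "$1")
    allows=$(printf '%s\n' "$1" | awk '
        ($1 == "80" || $1 == "80/tcp") && ($2 == "ALLOW" || $3 == "ALLOW")')
    [ -z "$denies" ] && [ -n "$allows" ]
}

# Report on the sample: the two DENY rows win over the ALLOW rows, so port 80
# is blocked even though "ufw status" also shows it as allowed.
if port80_reachable "$SAMPLE_UFW_STATUS"; then
    echo "port 80: allowed, no conflicting DENY rules"
else
    echo "port 80 is blocked by DENY rules that override the ALLOW (remove them with ufw delete):"
    port80_denies "$SAMPLE_UFW_STATUS"
fi
```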