Can't renew Let's Encrypt certificates through the LoadMaster
Information
| Summary: |
Unable to renew Let's Encrypt certificates from the LoadMaster |
| Environment: |
Product: LoadMaster Version: Any Platform: Any Application: Any |
| Question/Problem Description: |
Let's Encrypt certificate will not renew from the LoadMaster. The logs show that the connection was reset by peer. |
| Steps to Reproduce: | |
| Error Message: | "Connection reset by peer, status 400" Code (13) |
| Defect Number: | |
| Enhancement Number: | |
| Cause: | Palo Alto Firewall blocking acme-protocol. |
| Resolution: | acme-protocol needed to enabled for both inbound and outbound connections to the Virtual Services using Let's Encrypt over HTTP and HTTPS. |
| Workaround: | |
| Notes: | https://community.letsencrypt.org/t/palo-alto-firewall-users-with-failing-http-01-challenges-enable-acme-protocol/177600 |