
Let's Encrypt issue with cert generation


Information


Summary:

Certificate generation with Let's Encrypt fails even though the required ports are open and DNS for the FQDN is correct.

Environment:

Product: LoadMaster

Version: 7.2.57

Platform: 

Application:

Question/Problem Description:

Even though the LoadMaster (LM) is configured correctly, the Let's Encrypt process does not work:

  • Ports are forwarded for normal traffic to the VIP.
  • DNS is correctly set up for the FQDN.
  • No errors in the logs regarding the Let's Encrypt connection attempt.
  • A tcpdump on ports 80 and 443 shows no traffic from the Let's Encrypt validation servers.
Steps to Reproduce:  
Error Message: No error message on LM logs.
Defect Number:  
Enhancement Number:  
Cause: A firewall IDS/IPS or L7 inspection filter is blocking incoming HTTP/HTTPS requests to the virtual service based on the User-Agent string.
Resolution:

Allow the Let's Encrypt User-Agent string shown below through the firewall/inspection filter, for requests to the ACME challenge URI:

User-Agent: “Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)”
URI: “/.well-known/acme-challenge/[token]”
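As an added example (not part of the Kemp article and not LoadMaster code), the following Python script classifies constructed web-server access-log lines to show what a Let's Encrypt HTTP-01 validation request looks like on the wire: the User-Agent above combined with a GET to /.well-known/acme-challenge/<token>. Run against the access log of the service behind the VIP (or against requests reconstructed from a tcpdump), it tells you whether validation requests arrive at all, which is the symptom in this article; the separate label for a Let's Encrypt User-Agent on any other path shows why the firewall exception should be scoped to the challenge URI and not to the User-Agent alone. The log layout, the sample lines and the token-length check (RFC 8555 section 8.3 requires a base64url token with at least 128 bits of entropy, i.e. 22 or more characters) are my assumptions, not something the article specifies.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample lines in Apache/nginx "combined" layout. They are made up for
# this example and are not LoadMaster log output.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET /.well-known/acme-challenge/sH5X2jV7q3ZmXr5Q9K2ZpO8M0tYd3h9V_aB1cD2eF3g HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.0.2.55 - - [01/Jan/2024:10:00:03 +0000] "GET /admin HTTP/1.1" 403 0 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
203.0.113.11 - - [01/Jan/2024:10:00:04 +0000] "GET /.well-known/acme-challenge/sH5X2jV7q3ZmXr5Q9K2ZpO8M0tYd3h9V_aB1cD2eF3g HTTP/1.1" 200 87 "-" "curl/8.0.1"
"""

# Marker taken from the User-Agent quoted in the article. The article renders the
# apostrophe typographically; the matcher normalises it so either form matches.
LE_UA_MARKER = "Let's Encrypt validation server"

# HTTP-01 challenge URI. RFC 8555 section 8.3 requires a base64url token with at
# least 128 bits of entropy, which is 22+ characters without padding. Assumption:
# shorter or non-base64url paths are treated as not being a validation request.
ACME_PATH_RE = re.compile(r"^/\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]{22,})$")

# Assumed combined log layout: ip ident user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


@dataclass
class Request:
    ip: str
    method: str
    path: str
    status: int
    ua: str


def parse_line(line: str) -> Request | None:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Request(m["ip"], m["method"], m["path"], int(m["status"]), m["ua"])


def is_le_user_agent(ua: str) -> bool:
    """True if the User-Agent carries the Let's Encrypt validation marker."""
    return LE_UA_MARKER in ua.replace("\u2019", "'")


def classify(req: Request) -> str:
    """Label a request relative to the ACME HTTP-01 validation pattern.

    acme_validation         - LE User-Agent AND a GET to a well-formed challenge URI
    le_ua_off_path          - LE User-Agent on any other path: must not be allow-listed
    challenge_path_other_ua - challenge URI fetched by some other client
    other                   - everything else
    """
    le_ua = is_le_user_agent(req.ua)
    on_challenge_path = ACME_PATH_RE.match(req.path) is not None
    if le_ua and on_challenge_path and req.method == "GET":
        return "acme_validation"
    if le_ua:
        return "le_ua_off_path"
    if on_challenge_path:
        return "challenge_path_other_ua"
    return "other"


def summarize(log_text: str) -> dict[str, int]:
    """Count each label across a log; lines that do not parse are counted as 'unparsed'."""
    counts: dict[str, int] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        req = parse_line(line)
        label = classify(req) if req else "unparsed"
        counts[label] = counts.get(label, 0) + 1
    return counts


def validation_reached_service(log_text: str) -> bool:
    """The article's symptom is a False here: no validation request reaches the service."""
    return summarize(log_text).get("acme_validation", 0) > 0


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        req = parse_line(line)
        if req is None:
            print(f"{'unparsed':24} {line[:60]}")
        else:
            print(f"{classify(req):24} {req.ip:15} {req.path}")
    print("validation reached service:", validation_reached_service(SAMPLE_LOG))
```

If the summary shows zero acme_validation entries while the ACME client reports a failed challenge, the request is being dropped upstream of the virtual service, which is the situation this article describes. When adding the firewall exception, key it on both the User-Agent and the /.well-known/acme-challenge/ path: the User-Agent is client-supplied, so an exception on it alone would also pass any other request that carries the same string.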
Workaround:  
Notes:  
