Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

Lets Encrypt issue with cert generation

Updated

 

Information

 

Summary:

When the ports are open and the DNS is correct the cert generation does not work with Lets Encrypt.
Environment:

Product: LoadMaster

Version:7.2.57

Platform: 

Application:
Question/Problem Description:

Even though the LoadMaster (LM) is configured correctly the Lets encrypt process does not work:

  • Ports are forwarding for normal traffic to VIP.
  • DNS is correctly setup for the FQDN.
  • No errors in logs regarding Lets Encrypt connection attempt.
  • TCP dump on port 80 and 443 show no traffic from lets encrypt validation servers.
Steps to Reproduce:  
Error Message: No error message on LM logs.
Defect Number:  
Enhancement Number:  
Cause: Firewall IDS/IPS or L7 inspection filtering on "Agent string" for incoming HTTP/HTTPS requests to virtual service.
Resolution:

Allow the Lets encrypt agent string shown below through the firewall/Inspection Filter:

“Mozilla/5.0 (compatible; Let’s Encrypt validation server; +https://www.letsencrypt.org)”, by URI, “/.well-known/acme-challenge/[token]”
Workaround:  
Notes:  
Was this article helpful?
0 out of 0 found this helpful

Comments

In this document