Hello Michael,

Do you have a tip for me on what exactly I can look for in the fail2ban.log? What keywords could I search for? Or of course in one of the other two logs?

Best regards,
Dirk

blackpoint GmbH
Friedberger Straße 106b
61118 Bad Vilbel

-----Original Message-----
From: Blueonyx <blueonyx-boun...@mail.blueonyx.it> On Behalf Of Michael Stauber
Sent: Monday, 13 February 2023 17:34
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:25970] Re: Blueonyx 5210R - firewalld ist blocking let's encrypt

Hi Dirk,

> on a machine with almalinux 8 / blueonyx 5210R, activated firewalld and
> packages fail2ban and Firewall this is the second time in a relatively
> short period that Let's Encrypt has failed with a certificate renewal
> timeout:
>
> [Mon Feb 13 03:49:33 CET 2023] www.domain.de:Verify error:123.456.78.90:
> Fetching
> http://www.domain.de/.well-known/acme-challenge/GT4WUNBge2I3GjR3GpDDmO
> BhIEF0sT2qCkwbO577c8w: Timeout during connect (likely firewall
> problem)
>
> After a systemctl restart firewalld and a
> /etc/cron.daily/letsencrypt.cron all previous failed LE certificates
> were successfully renewed.
>
> Has anyone had this problem before? Any suggestions for solutions?
> Does anyone know the IP addresses from which LE is trying to validate
> the URL so that I can add them to the whitelist of Fail2ban and the firewall?

Let's Encrypt uses a distributed network of servers all over the place to handle requests and validations. And that network isn't static and there are changes off and on, so we'll never know what IPs they're using today or tomorrow.

If you can, check /var/log/fail2ban.log, /var/log/secure and /var/log/messages to see why Fail2ban had this particular LE IP blocked to begin with. That should at least tell you which rule had been triggered.

--
With best regards

Michael Stauber

_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
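Added example, not part of either message in this thread: a Python sketch that replays the `Found`, `Ban` and `Unban` lines of a fail2ban.log and lists which jail had which address banned at the moment of the failed renewal (03:49:33 in the error quoted above). It assumes fail2ban's default file log layout and a chronologically ordered log; the sample lines, the jail name `example-http` and the addresses are constructed.

```python
import re
from datetime import datetime

# Constructed sample in fail2ban's default log layout (documentation addresses,
# hypothetical jail name "example-http"); replace with the text of fail2ban.log.
SAMPLE_LOG = """\
2023-02-13 03:10:41,102 fail2ban.filter         [1012]: INFO    [sshd] Found 198.51.100.9 - 2023-02-13 03:10:40
2023-02-13 03:10:44,530 fail2ban.actions        [1012]: NOTICE  [sshd] Ban 198.51.100.9
2023-02-13 03:20:44,911 fail2ban.actions        [1012]: NOTICE  [sshd] Unban 198.51.100.9
2023-02-13 03:41:02,118 fail2ban.filter         [1012]: INFO    [example-http] Found 203.0.113.7 - 2023-02-13 03:41:02
2023-02-13 03:41:03,240 fail2ban.filter         [1012]: INFO    [example-http] Found 203.0.113.7 - 2023-02-13 03:41:03
2023-02-13 03:41:03,655 fail2ban.actions        [1012]: NOTICE  [example-http] Ban 203.0.113.7
"""

# The three keywords worth searching for: Found (filter matched), Ban, Unban.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban|Unban)\s+(?P<ip>\S+)"
)

def parse_events(log_text):
    """Yield (time, jail, event, ip) for every Found/Ban/Unban line."""
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["jail"], m["event"], m["ip"]

def active_bans_at(log_text, when):
    """Return {(jail, ip): {"banned_at", "found"}} for bans in force at `when`."""
    moment = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
    found, active = {}, {}
    for ts, jail, event, ip in parse_events(log_text):
        if ts > moment:          # log is chronological, nothing later matters
            break
        key = (jail, ip)
        if event == "Found":     # count filter matches leading up to a ban
            found[key] = found.get(key, 0) + 1
        elif event == "Ban":
            active[key] = {"banned_at": ts, "found": found.pop(key, 0)}
        else:                    # Unban lifts the ban again
            active.pop(key, None)
    return active

if __name__ == "__main__":
    for (jail, ip), info in active_bans_at(SAMPLE_LOG, "2023-02-13 03:49:33").items():
        print(f"{ip} banned by [{jail}] at {info['banned_at']} after {info['found']} matches")
```

Bans that were placed before the start of the log file being read do not show up in the result, so rotated logs may need to be included.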