Closed Anubis-XIII closed 4 years ago
First, you should NEVER do testing of Let's Encrypt using "production":true. You're going to get yourself banned from Let's Encrypt servers for a long time if that has not already happened. After that, you're out of luck and you just have to wait. Start with "production":false until you get a certificate and you verify everything works.
Is it mandatory that MC2 runs on a WAN connected VM?
Yes, to get a Let's Encrypt certificate, you need port 80 on the general internet to be routed to your server. You can't use any other port, cm.mydomain.de:80 must route to your MeshCentral server from the outside Internet. Use https://letsdebug.net/ to check that everything is ok.
Hope that helps, Ylian
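The staging setup described in the reply above, as an added example that is not part of the original thread: a `config.json` fragment that keeps Let's Encrypt on its staging environment while the port 80 forwarding is being sorted out. The key layout (`settings`, `letsencrypt`, `redirPort`, `names`) is assumed to match MeshCentral's config file, `cm.mydomain.de` is the hostname used in the thread, and the e-mail address is a constructed placeholder.

```json
{
  "settings": {
    "cert": "cm.mydomain.de",
    "port": 443,
    "redirPort": 80
  },
  "letsencrypt": {
    "__comment__": "Added example with constructed values. Keep production false until a staging certificate is issued and everything is verified.",
    "email": "admin@example.com",
    "names": "cm.mydomain.de",
    "production": false
  }
}
```

Once the staging certificate is issued and https://letsdebug.net/ reports no problems for the hostname, switch `"production"` to `true` and restart the server.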
I have my MeshCentral server running on a VM that is on my LAN and behind a firewall (Untangle). It doesn't have to sit directly on the WAN IP, but, like Ylian said, port 80 must be forwarded from the WAN directly to the LAN IP of your MeshCentral box. I believe you mentioned you are doing that, but make sure the rule is correct and that external requests for port 80 on that WAN IP are truly getting through to your MeshCentral box. I suspect it isn't.
Also make certain that HTTP traffic from your MeshCentral box is actually going out. If the incoming port 80 traffic is getting through but your firewall is not allowing responses from the webserver to get out then that will result in the same issue.
Thanks for all the help. It was indeed a setting in the firewall that I missed. Let's Encrypt is working fine now.
Just in case somebody uses a similar setup, check the Netgate Documentation:
https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html
Pure NAT has to be enabled for this to work properly.
I'm currently testing MC2 in a cloud hosted environment where it has been installed on an Ubuntu 18.04 VM. The whole network infrastructure is protected by a pfSense firewall. Ports 80, 443 and 4433 are routed through via NAT. Internet is working fine. However, I cannot issue a Let's Encrypt certificate for the web server.
DNS Entries are all working correctly and I can open the MC Web Console when accessing the URL in a Browser.
Is it mandatory that MC2 runs on a WAN connected VM? If not, what could be the issue?
According to the installation guide, I had to run the command:
sudo setcap cap_net_bind_service=+ep /usr/bin/node
Which I did. But it changed nothing.
node -v
v12.16.3
npm -v
6.14.4
I'm pretty much out of ideas.