Closed bswinnerton closed 6 years ago
Yep, the solution I would like to implement for this would be to have the challenge server started by renew.sh listen on a different port and then add a temporary forwarding rule during renew. Manually enabling/disabling the forward as you pointed out just won't work for renews.
Give this a test if you can, it adds a temporary firewall rule during renew to hopefully nullify the port forward. Remove /config/.acme.sh/your.domain.directory to force a re-verify.
https://raw.githubusercontent.com/j-c-m/ubnt-letsencrypt/pf-test/scripts/renew.acme.sh
Give this a test if you can
This worked perfectly. I gave it a shot with a brand new domain 👌.
f24048e0378c984c986c531dcfd3e83bf5022880
Thank you so much for the contribution 🙇.
This bit me today 😆: if you have port forwarding enabled for port 80 before running this script, the lighttpd process won't be able to receive the call from Let's Encrypt.
I'm wondering if a better solution would be to temporarily disable port forwarding in the script, and then re-enable it at the end if it was previously enabled - otherwise, the scheduled job won't work.
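The "temporary rule during renew" approach discussed in this thread has one property worth getting right in a scheduled job: the temporary rule must be removed again no matter how the renewal ends, otherwise a failed run leaves the router with a rule nobody asked for. The POSIX sh wrapper below is an added example, not the project's renew.acme.sh; the add/delete commands are passed in as strings because the real router CLI invocations are deployment-specific and are assumed here as placeholders.

```shell
#!/bin/sh
# Added example (not the ubnt-letsencrypt project's own script): run a renewal
# command with a temporary rule installed beforehand and removed afterwards,
# whether renewal succeeds, fails or is interrupted. ADD_CMD and DEL_CMD are
# assumed placeholders for the router-specific commands.

# run_with_temp_rule ADD_CMD DEL_CMD RENEW_CMD [ARGS...]
#   ADD_CMD   shell string that installs the temporary rule
#   DEL_CMD   shell string that removes it again
#   RENEW_CMD program (plus arguments) to run while the rule is in place
# Returns 2 if the rule could not be installed, else the renewal's exit code.
run_with_temp_rule() {
    add_cmd=$1
    del_cmd=$2
    shift 2
    (
        # If the rule cannot be installed there is nothing to clean up.
        sh -c "$add_cmd" || exit 2
        # From here on the rule exists: remove it on every exit path of this
        # subshell. A signal is turned into an exit so the EXIT trap still
        # runs the delete exactly once.
        trap 'sh -c "$del_cmd"' EXIT
        trap 'exit 130' INT TERM
        "$@"
        rc=$?
        exit "$rc"
    )
}

# Demo with constructed commands that only append to a log file instead of
# touching a firewall, so it can run anywhere; a deployment would substitute
# the router CLI calls. Run as: sh this_script.sh demo
demo() {
    log=$(mktemp)
    run_with_temp_rule \
        "echo add-rule >> '$log'" \
        "echo del-rule >> '$log'" \
        sh -c "echo renew >> '$log'; exit 1"
    echo "renewal exit code: $?"
    cat "$log"          # add-rule, renew, del-rule: rule removed despite failure
    rm -f "$log"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

Because the subshell exits with the renewal's own status, the caller (a cron job, for instance) still sees a failed renewal as a failure while the cleanup has already happened.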