I just spent some time troubleshooting why Let’s Encrypt validation is failing on my web server, and it seems that the Dynamic Firewall feature was the reason, as I saw DROP events logged in the iptables log file on the Turris at the same time as the validation script was running, and when I disabled Dynamic Firewall the validation then immediately completed successfully.
Is there any place where I can look up the IP address against the firewall database? Or even a place where we can submit these false positives?
I’d like to keep Dynamic Firewall enabled, but as it’s now blocking me from using Let’s Encrypt, I will keep it disabled for now.