if I try to check the external IP of an Server after ipfire with wget -O - -q icanhazip.com, then I get thr external IP from ipfire, and not the IP from the server. What can I do th get the the right DNS ip from the hostname of the server?
A server behind IPFire is known outside with the IPFire IP. Traffic from the WAN is routed by IPFire with portforwarding.
So your server is addressed by <IPFire IP>:<server fw port> and not by <server IP>:<server port>. The mapping is done by a port forward rule of the firewall.
That’s what I understand, but the server asks for getting a letsencrypt cert, and checked the own ip address with the wget -O - -q [icanhazip.com command. So he got the ip of ipfire, and not the ip how matches with the DNS name. Thats the reason why he got no cert. Is there no way to manipulate that?
I think the DNS name of the server should be resolved to the IPFire IP. I can’t see a way, how another public IP can be associated to the server. Do you use multiple WAN addresses ( aliases on RED )?
wget is web request ( HTTP, HTTPS, … ). Therefore it is handled by the proxy, which is located on IPFire. iphazip.com delivers this IP ( the requestor of the web access ).