cPanel + pfSense + Let's Encrypt + Curl
I'm putting this in General Discussion, but if the mods want to move it, feel free.
I had the dreaded "SSL certificate problem: unable to get local issuer certificate" problem when working with Let's Encrypt and scripts that were using CURL. My SSL certs for domains worked just fine in web browsers - it was only CURL that had the problems. I tried all the fixes involving editing php.ini and downloading the pem from this HowTo very carefully (PDF attached in case link dies). Make sure you enable the new SSL cert, and that it shows up as valid (green) in a web browser.
2) If you are using port 443 to access your pfSense admin area, change it (i.e. port 8443). Do this under System -> Advanced, under "webConfigurator", under the "TCP port" area. This configuration option allows you to change which port pfSense listens on. This is because you need to forward port 443 to your cPanel server.
3) Make sure you have a NAT rule to forward the above port 443 to your (internal) cPanel server. Do this in pfSense, under Firewall -> NAT. You should change the following options on that screen:
- Interface: WAN
- Protocol: TCP
- Destination: The VIP (external IP) that maps to your cPanel server
- Destination port range: HTTPS (both from & to)
- Redirect target IP: The main internal IP of your cPanel server
- Redirect target port: HTTPS
- Filter rule association: (create new rule)
(all other options leave as default)
4) This was the final step that got everything working for me. You need to follow Method 1 of this guide (PDF attached in case link dies) in order to enable Pure NAT reflection.
You should now have a working version of Curl that uses your Let's Encrypt SSL certs on your cPanel server. Many thanks to Andrew, Laure, Seth and Chad at cPanel support for helping me with this.
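A way to confirm the result from the cPanel server itself, as an added example that is not part of the original post. It assumes the curl error arose because requests made from inside the LAN to the public hostname were answered with a certificate other than the site's Let's Encrypt one (the post does not state the cause); the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example: which certificate does a host behind the firewall receive
# when it connects to its own public hostname on port 443?

# Strip the "subject="/"issuer=" label and spacing differences between
# OpenSSL versions ("CN = x" vs "CN=x") so two DNs can be compared.
normalize_dn() {
  printf '%s\n' "$1" | sed -e 's/^[a-z]*= *//' -e 's/ *= */=/g' -e 's/, */,/g'
}

# Classify a certificate from its "subject=..." and "issuer=..." lines, as
# printed by `openssl x509 -noout -subject -issuer`.
#   self-signed  subject equals issuer (e.g. a device's default admin cert)
#   letsencrypt  issued by a Let's Encrypt intermediate
#   other-ca     issued by some other CA
classify_cert() {
  local subject issuer
  subject=$(normalize_dn "$1")
  issuer=$(normalize_dn "$2")
  if [ "$subject" = "$issuer" ]; then
    echo "self-signed"
  elif printf '%s' "$issuer" | grep -q "O=Let's Encrypt"; then
    echo "letsencrypt"
  else
    echo "other-ca"
  fi
}

# Fetch the leaf certificate presented for host:port and classify it.
# Returns 2 if no certificate could be read (port closed, no TLS, ...).
check_host() {
  local host port out
  host=$1
  port=${2:-443}
  out=$(openssl s_client -connect "$host:$port" -servername "$host" \
          </dev/null 2>/dev/null | openssl x509 -noout -subject -issuer) \
    || return 2
  classify_cert "$(printf '%s\n' "$out" | grep '^subject')" \
                "$(printf '%s\n' "$out" | grep '^issuer')"
}

# Run only when a hostname is given, e.g.: sh check_cert.sh www.example.com
if [ -n "${1:-}" ]; then
  check_host "$@"
fi
```

Run it on the cPanel server against one of its own domains: `letsencrypt` means the forwarded and reflected port 443 reaches the site's certificate, while `self-signed` means the connection is still being answered by a different service.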
Hello, We've moved this thread to our "Workarounds" forum category. Thanks!