Address range for “http-01” ACME challenge

Good day,
I want to list Ip address for “http-01” ACME challenge, for renewal, but I found information that it uses
but that is not possible due to " CDN they use (Akamai)"
I did notice there are 3 adresses:

I am located in the eu, can I list only the eu address for port 80, would that work?

some info taken from:

That isn't possible--LE doesn't, and won't, list these IPs as a matter of policy. Edit: see also:


Also, the IP addresses of the API endpoint are not the same as the IP addresses used by the validation servers, as Let's Encrypt uses 4 different data centers around the world for multiple vantage point validation.


DNS validation (instead of http validation) is the way to go, if you require that international http requests to your server are blocked by default.


thanks for the idea, it's a hardware device that has renew integration with let's encrypt, dns is not not a possibility

1 Like

Cool, can you copy certificate files onto the device using SSH/SFTP? If so, you can use any capable client to get your cert using DNS, then copy the files.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.