Automated SSL verification token workaround?

Good morning,

My team and I are attempting to set up an SSL certification via HubSpot’s automated SSL verification process, which in turn uses Let’s Encrypt. We have been unsuccessful in doing so thus far because our current security layer is preventing Let’s Encrypt’s automated crawler from accessing the page.

We are hoping there may be a way to manually validate a challenge redirect without us having to remove our current server protections?

My domain is: www.cybereason.com

Hi @asa.curry,

There’s virtually nothing manual in Let’s Encrypt’s infrastructure from the Let’s Encrypt end. That’s the main reason that Let’s Encrypt is able to scale to issue almost 150 million certificates for free.

There are three different supported challenge methods. One of them requires you to accept inbound connections on TCP port 80 (from any IP address; it is not supported to whitelist or block some IP addresses); another requires you to accept inbound connections on TCP port 443 (again, from any IP address); the third requires you to create a specified DNS TXT record in your DNS zone. People who have firewalls or IDSes that don’t accept the inbound connections from the first two methods often succeed with the third method, which is called the DNS-01 challenge.

These are the only options for proving your control over a domain name to get a Let’s Encrypt certificate.

Thank you for the quick reply! I will look into the third option that you mentioned.

Thank you again for your help.
