Certbot/Letsencrypt authenticator IP addresses

I have a Server behind a firewall appliance I’d like to enable SSL on. The Server is only available to a select few IP addresses externally. What IP address range(s) do I need to add to the access lists on my firewall to allow Certbot/LE to authenticate for renewals? I saw in one of the apache logs on a different computer.

Hi @rgould,

You should not use a validation method that requires an inbound connection in this case, because the validation IP addresses may change frequently in order to be deliberately unpredictable. Please see

The validation method that doesn't require an inbound connection to your server is the DNS-01 method, which requires you to create a specified DNS TXT record in your domain's DNS zone.

1 Like

Great, thanks. I’ll see if that works for me.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.