In October of 2021, we began using a Let's Encrypt certificate for our ServiceNow instance. Everything was working with no issues until yesterday morning, 9/11. After much troubleshooting, we found the certificate validation process began utilizing the lencr.org domain for online certificate validation. This caused an issue as our network was not allowing traffic to lencr.org, only letsencrypt.org. Did something change this weekend on the Let's Encrypt side to force the new domain for certificate validation?
Just trying to find out why we were working with no issues until yesterday morning and the only change we needed on our side was to allow the new web domain for certificate validation.
No changes to note this past weekend. Have you changed your ACME client or perhaps SSL monitoring systems recently? Note many ACME clients will only try to renew a cert within 30 days of expiration. So, changes since your last cert was issued might just become visible now. Still, no changes on the LE side that would explain this.
Maybe this page answers your question? Let us know if it does not.
Thank you for the information. We did review the site you suggested; however, it appeared this action was taken late in 2021. Our Let's Encrypt SSL certificates appeared to have been renewed on 8/19, so still not understanding why the sudden change.
The only outgoing traffic should be to https://acme-v02.api.letsencrypt.org/directory. Inbound validation of challenges can happen from any number of undisclosed IPs.
The only things that lencr.org is commonly used for are hosting the certificate verification information (CRL, OCSP, Root links, etc). See the link @MikeMcQ posted for more details on that.
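An added example, not part of the thread: a check that lists the validation hosts (OCSP, CA Issuers, CRL) a certificate points clients at and flags those an egress allowlist would block. The sample text is constructed to resemble `openssl x509 -noout -text` output, and the function names and domain-suffix allowlist model are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the extensions section of
# `openssl x509 -noout -text`; hostnames are illustrative, not from the thread.
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:instance.example.com, URI:https://instance.example.com/id
            Authority Information Access:
                OCSP - URI:http://ocsp.example.lencr.org
                CA Issuers - URI:http://issuer.example.lencr.org/
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.example.lencr.org/1.crl
"""

SECTIONS = ("Authority Information Access", "CRL Distribution Points")
HEADER_RE = re.compile(r"^[A-Za-z0-9 ]+:(?: critical)?$")  # an extension name line

def validation_hosts(cert_text):
    """Hostnames from AIA and CRL DP only; URIs in other extensions (e.g. SAN) are ignored."""
    hosts, in_section = set(), False
    for line in cert_text.splitlines():
        s = line.strip()
        if HEADER_RE.match(s) and s != "Full Name:":
            in_section = any(name in s for name in SECTIONS)
        elif in_section:
            for uri in re.findall(r"URI:(\S+)", s):
                host = urlsplit(uri).hostname
                if host:
                    hosts.add(host.lower())
    return sorted(hosts)

def is_allowed(host, allowed_domains):
    """Label-aligned suffix match, so 'notlencr.org' does not pass for 'lencr.org'."""
    host = host.lower().rstrip(".")
    doms = [d.lower().strip(".") for d in allowed_domains]
    return any(host == d or host.endswith("." + d) for d in doms)

def blocked_hosts(cert_text, allowed_domains):
    """Validation hosts in the certificate that the allowlist would not permit."""
    return [h for h in validation_hosts(cert_text) if not is_allowed(h, allowed_domains)]

if __name__ == "__main__":
    for allowlist in (["letsencrypt.org"], ["letsencrypt.org", "lencr.org"]):
        print(allowlist, "->", blocked_hosts(SAMPLE_CERT_TEXT, allowlist) or "nothing blocked")
```

Running the same check against the text output of a newly issued certificate before deploying it shows whether the firewall rules need updating.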