Hi all. One of our domains is only accessible from certain IP addresses. Its .htaccess contains a list of "allow from " followed by “deny from all”. The Let’s Encrypt organization does not publish the IP addresses that Let’s Encrypt uses to validate. Does this mean I need to manually update certificates for this domain every three months and temporarily remove the deny line, or is there another option? Thanks.
Hi @bertdj
One alternative option is to use the DNS-01 challenge type. This involves having your ACME client dynamically update a TXT record for each domain you are issuing/renewing for. Since there's no inbound connection to the individual servers, just a DNS query to your authoritative nameservers, it shouldn't run afoul of your inbound network rules.
If you expand on which ACME client you are using right now and what software/provider you use for your DNS, someone can likely provide more concrete guidance on how to switch to using DNS-01 challenges instead of HTTP-01/TLS-SNI-01.