"deny from all" and validation

Hi all. One of our domains is only accessible from certain IP addresses. Its .htaccess contains a list of "allow from " followed by “deny from all”. The Let’s Encrypt organization does not publish the IP addresses that Let’s Encrypt uses to validate. Does this mean I need to manually update certificates for this domain every three months and temporarily remove the deny line, or is there another option? Thanks.

Hi @bertdj :wave:

One alternative option is to use the DNS-01 challenge type. This involves having your ACME client dynamically update a TXT record for each domain you are issuing/renewing for. Since there’s no inbound connection to the individual servers, just a DNS query to your authoritative nameservers, it shouldn’t run afoul of your inbound network rules.

If you expand on which ACME client you are using right now and what software/provider you use for your DNS someone can likely provide more concrete guidance on how to switch to using DNS-01 challenges instead of HTTP-01/TLS-SNI-01.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.