Hi all. One of our domains is only accessible from certain IP addresses. Its .htaccess contains a list of "allow from " followed by “deny from all”. The Let’s Encrypt organization does not publish the IP addresses that Let’s Encrypt uses to validate. Does this mean I need to manually update certificates for this domain every three months and temporarily remove the deny line, or is there another option? Thanks.
One alternative option is to use the DNS-01 challenge type. This involves having your ACME client dynamically update a TXT record for each domain you are issuing/renewing for. Since there’s no inbound connection to the individual servers, just a DNS query to your authoritative nameservers, it shouldn’t run afoul of your inbound network rules.
If you expand on which ACME client you are using right now and what software/provider you use for your DNS, someone can likely provide more concrete guidance on how to switch to using DNS-01 challenges instead of HTTP-01/TLS-SNI-01.