I’d like to know if it’s possible to get the IP of the CA that attempts an HTTP-01 handshake when generating certificates with cert-manager in AKS (Azure Kubernetes).
The network security rules in place prevent the handshake; I think it is because the IP of the CA is blocked when attempting the initial handshake.
You have to allow all IP addresses to access the /.well-known/acme-challenge/ directory.
What IP addresses does Let’s Encrypt use to validate my web server?
We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.
Why do you think that's the problem? Are the security rules blocking all IP addresses except for those that have been whitelisted, or do they only have a blacklist of specific IPs?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can log in to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Or you could handle all the port 80 traffic with a less restricted system - apart from the HTTPS system and folders.
They need only share a common location to store the cert files.
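As an added illustration of the two suggestions above (open the challenge path to every source address, keep the restrictions on the HTTPS side), not configuration from this thread or from cert-manager: a stand-alone nginx front end, assuming the ACME client writes challenge files under /var/www/acme and that 203.0.113.0/24 is a placeholder for the allowlisted client range.

```nginx
# Added example: port 80 serves only the ACME challenge path to anyone;
# application traffic on 443 stays limited to the allowlisted range.
server {
    listen 80;
    server_name example.com;

    # HTTP-01 validation must be reachable from any source address,
    # because the CA does not publish the addresses it validates from.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;          # assumed challenge directory
        default_type text/plain;
        allow all;
    }

    # Everything else on port 80 is sent to HTTPS, where the
    # access restrictions are enforced.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Application traffic is restricted; 203.0.113.0/24 is a placeholder.
    location / {
        allow 203.0.113.0/24;
        deny all;
        proxy_pass http://127.0.0.1:8080;   # assumed backend
    }
}
```

This only helps if the network security group in front of the node still admits inbound TCP/80 from any source; a source-IP allowlist applied at the NSG will block the validation before nginx ever sees it.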