Hi I already have letsencrypt working so that bits out the way.
Right I’m setting my sites up with the nginx geoip restriction up on my server to only allow access to ip’s from the UK to cut down on some daily cyberwarfare attacks
My question is if I activate the module with a 444 redirect not a 403 as it drops all connections from the given up
Will letsencrypt still work renewing my certs as I presume letsencrypt servers are not serving from the UK so when it tries to renew the certs it will fail as let’s encrypt will get served with a 444 response
Is this correct if so is there a work around like adding a allow through from letsencrypt ip addresses to my vhost file
This has often been discussed before and is contrary to Let's Encrypt policy (that is, Let's Encrypt is not willing to cooperate with attempt to whitelist particular validation IP addresses, although doing so might work temporarily).
If you don't want to allow incoming connections to your service from the general public, you should use the DNS-01 validation method instead of HTTP-01 or TLS-SNI-01.
I had a feeling you was going to suggest about the whitelisting policy and thought there would be some measures implemented for not disclosing up info for security issues.
I will look further into getting renewal of certs and ip base geo restrictions working harmonylously together with out whitelisting validation procedures.
Thanks for sharing dns-01 alternative will look further into that once internet goes back up.