Hello.
Could you guys please provide some way to get IP ranges of your servers?
At the moment I have to drop down my entire firewall in order to renew certificate.
I have my synology firewall normally opened to only few countries. I do not want to open it to the world.
Let's Encrypt deliberately don't do this:
We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.
Is the DNS challenge an option for you?
HTTP should not be blocked.
You can handle the renewals and also redirect all other connections to HTTPS from there.
[HTTP can even be served by a completely separate system]
Now HTTPS, yes, that should be locked down to whatever you like.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.