I have a firewall in the system that allows only IPs for my country to port 80.
But I can't renew LE then.
Where can I get a list of the IPs/networks used by Let's Encrypt so that I can allow them for the renewal?
Let's Encrypt checks from many places around the world which regularly change, which they need to do in order to confirm that you control the domain as seen from everywhere around the world.
Your firewall should, if possible, allow access to the path /.well-known/acme-challenge/ globally. Or you should use the dns-01 challenge, assuming your DNS servers are globally reachable.
No, because they can and will change at a moment's notice.
The reason behind multi-perspective validation is mainly security. And while I'm not a proponent of security by obscurity, with frequently changing IP addresses, I don't think Let's Encrypt should advertise the addresses.
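The advice above to allow `/.well-known/acme-challenge/` globally can be implemented at the web server when the packet firewall cannot filter by URL path. The following is an added example, not part of the original thread: it assumes nginx, port 80 opened to all sources at the firewall, and the country restriction moved into the server. The host name, webroot and CIDR ranges are constructed placeholders.

```nginx
# Goes in the http {} context.
# Map the client address to 1 if it belongs to an allowed network.
# The ranges below are constructed placeholders (documentation prefixes);
# replace them with the country ranges the firewall used to enforce.
geo $in_country {
    default          0;
    198.51.100.0/24  1;
    203.0.113.0/24   1;
}

server {
    listen 80;
    server_name example.com;          # placeholder host name

    # HTTP-01 challenge: reachable from any source address.
    # Only well-formed token names (base64url characters) match, so nothing
    # else under /.well-known/ is exposed by this exception.
    location ~ ^/\.well-known/acme-challenge/[A-Za-z0-9_-]+$ {
        root /var/www/acme;           # assumed webroot given to the ACME client
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else keeps the original country restriction.
    location / {
        if ($in_country = 0) {
            return 403;
        }
        root /var/www/html;           # assumed site root
    }
}
```

With this layout the ACME client writes its token files under `/var/www/acme/.well-known/acme-challenge/`, and no list of validation addresses is needed.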