Let's Encrypt IP subnet

I’m trying to use the dns-01 verification method, but my DNS server is configured to respond only for defined IP/subnets.
Please tell me which subnet(s) are used for dns-01 verification?

Your authoritative DNS servers should really respond to all requests for DNS information about your specific domain.

My temporary solution:

  1. Enable query log in DNS server
  2. Request certificate using staging server
  3. Get LE validator IP address from logs
  4. Add LE validator IP to the list of permitted IP/subnets

That can work short term, but it potentially won’t work long term.

Is there any reason you don’t want the general internet to be able to obtain the IP address of your website?

Every day you discover use cases more obscure than before. I really like this forum.

What are you actually doing? Are you trying to obtain a public cert for a “local” name?

@umhd: I guarantee this process will break without notice at some future date. I strongly recommend you answer queries from all IP addresses.
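
Step 3 of the temporary solution earlier in this thread (reading the validator's address out of the query log), sketched as an added example that is not code from any poster. It assumes a BIND 9 style query log, since the thread does not name the DNS server; the log lines, the zone `example.com` and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed BIND 9 querylog layout; the thread does not name the DNS server.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): query: \S+ IN (?P<qtype>\S+)"
)

# Constructed sample lines using documentation address ranges, not real validator IPs.
SAMPLE_LOG = """\
19-Mar-2018 10:15:02.101 queries: info: client @0x7f3a1c0 198.51.100.7#41822 (_acme-challenge.example.com): query: _acme-challenge.example.com IN TXT -E(0)DC (192.0.2.53)
19-Mar-2018 10:15:02.340 queries: info: client @0x7f3a1c8 203.0.113.44#50211 (_acme-challenge.example.com): query: _acme-challenge.example.com IN TXT -E(0)DC (192.0.2.53)
19-Mar-2018 10:15:02.512 queries: info: client @0x7f3a1d0 198.51.100.7#41830 (_Acme-Challenge.Example.com): query: _Acme-Challenge.Example.com IN TXT -E(0)DC (192.0.2.53)
19-Mar-2018 10:15:03.004 queries: info: client @0x7f3a1d8 192.0.2.200#33100 (www.example.com): query: www.example.com IN A +E(0) (192.0.2.53)
19-Mar-2018 10:15:03.250 queries: info: client @0x7f3a1e0 2001:db8::25#60001 (_acme-challenge.example.com): query: _acme-challenge.example.com IN TXT -E(0)DC (192.0.2.53)
"""


def challenge_sources(log_text, zone):
    """Count source addresses of TXT queries for _acme-challenge names in zone."""
    zone = zone.lower().rstrip(".")
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m["qtype"] != "TXT":
            continue
        # Resolvers may randomise letter case in the query name, so compare lowercased.
        qname = m["qname"].lower().rstrip(".")
        in_zone = qname == zone or qname.endswith("." + zone)
        if in_zone and qname.startswith("_acme-challenge."):
            counts[str(ipaddress.ip_address(m["src"]))] += 1
    return counts


def not_yet_permitted(sources, permitted):
    """Return observed source addresses that no permitted IP/subnet covers."""
    nets = [ipaddress.ip_network(p) for p in permitted]
    return sorted(
        src for src in sources
        if not any(ipaddress.ip_address(src) in net for net in nets)
    )


if __name__ == "__main__":
    seen = challenge_sources(SAMPLE_LOG, "example.com")
    print(dict(seen))
    print(not_yet_permitted(seen, ["198.51.100.0/24"]))
```

Every address `not_yet_permitted` returns is a resolver the server would have refused, so a non-empty result after a renewal attempt is the breakage the replies warn about.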

