I know this issue has been touched on before in the past by other users and I am aware of your current stance on the issue, but it’s actually a rather important issue and it does warrant some additional consideration.
This would be a published list of IP addresses that Let’s Encrypt uses to do validation checks.
I find myself in need of this very list. I have a sensitive system that’s a legacy system that I’m not permitted to make any changes to. Due to the nature of the services performed on this system, access to this system has been totally firewalled off to only specified static IPs. That is, until I have to manually open up port 80 to the entire world every couple of months in order to let Let’s Encrypt do its renewal and then close the system off once again.
It wouldn’t be so bad if I could simply script the firewall rules on the system itself, but as I stated, I’m not permitted to make any changes to it.
However, if Let’s Encrypt would pick a set of IP addresses, stick with them, and publish said list, users could easily add firewall exceptions that would allow for automated renewals without having to manually go in and fiddle with the firewall and run manual renewals every couple of months.
I don’t want you to feel as if I’m unappreciative of the service you’re performing. I think it’s a wonderful contribution to the community and have personally made donations in the past as a thank you for the time and effort you’ve put into giving us all this tool to use, but I really feel that whatever reason it is that you have that’s preventing you from doing this is greatly outweighed by the number of people who would greatly benefit from it. The entire point of the system is to help bring security and encryption to the masses, but then requiring unsecured ports be left open and exposed to the entire world in order for it to function really seems like it’s defeating the purpose. Users shouldn’t have to open up security holes in order to secure their systems.
Just my point of view and a feature I’d really make use of.
Feel free to flame at will.