Need a list of Let's Encrypt IP addresses

Need a list of Let's Encrypt server IP addresses that will connect back to the client so that they can be added to the ipset whitelist and through the firewalls. RobTex.com lists twenty-seven IP addresses. Are all of these 27 used for reaching back to clients or just a few? I need the subset of the 27 that would reach back to our servers in the US.

Hello. I've moved your post to a new thread, since it looked separate from the other one.

There isn't one. From the Let's Encrypt FAQ:

What IP addresses does Let’s Encrypt use to validate my web server?

We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.

One option is to not block any IP addresses.

Another is to use DNS validation, which validates by using a DNS query for e.g. _acme-challenge.www.example.com and doesn't need to connect to your web servers. (But does, of course, access your DNS servers.)

Another is to use more specific blocking. For example, HTTP validation only makes requests to files in the directory /.well-known/acme-challenge/. You could whitelist that while completely blocking access to other paths.

The IP addresses used for validation and to host the website are probably different. (Currently, they are definitely different, but that is of course not guaranteed.)

5 Likes
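The path-specific blocking suggested in the answer above, sketched as an added example (not code from this thread or from Let's Encrypt): challenge requests are accepted from any source address, and everything else still requires an allowlisted source. The function names and the documentation-range networks are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

ACME_PREFIX = "/.well-known/acme-challenge/"
# ACME (RFC 8555) challenge tokens use only the base64url alphabet.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")

# Constructed allowlist (documentation ranges) standing in for the ipset.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def is_acme_challenge_path(request_target: str) -> bool:
    """True only for a plain /.well-known/acme-challenge/<token> request."""
    # Drop the query string by hand; a URL parser would treat a leading
    # "//" as a host name and hide it from the prefix check.
    path = request_target.split("?", 1)[0]
    # Decode once and validate the decoded form, so %2e%2e or %2f cannot
    # carry a traversal past the prefix check. Doubly encoded input still
    # contains "%" after decoding and fails the token match.
    decoded = unquote(path)
    if not decoded.startswith(ACME_PREFIX):
        return False
    token = decoded[len(ACME_PREFIX):]
    # A single token segment: no "/", no "..", no empty name.
    return TOKEN_RE.fullmatch(token) is not None


def decide(src_ip: str, request_target: str) -> str:
    """Return "allow" or "deny" for one HTTP request."""
    # Validation requests can come from any address, so the challenge
    # directory is open to everyone and exposes nothing else.
    if is_acme_challenge_path(request_target):
        return "allow"
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in TRUSTED_NETS):
        return "allow"
    return "deny"


if __name__ == "__main__":
    for ip, target in [
        ("203.0.113.7", "/.well-known/acme-challenge/abc_DEF-123"),
        ("203.0.113.7", "/.well-known/acme-challenge/%2e%2e%2fadmin"),
        ("203.0.113.7", "/admin"),
        ("192.0.2.10", "/admin"),
    ]:
        print(ip, target, decide(ip, target))
```

The same rule belongs in whatever sits in front of the site (reverse proxy or web server), since a packet filter such as ipset sees addresses and ports but not request paths.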

I am using a pre-made and often updated Docker container that uses web server authentication. It would revert changes to DNS on each update.
