As we describe in our FAQ, Let’s Encrypt may use multiple IP addresses to make requests during validation of domain control. So far, we have tended to use a small number of IP addresses, so some subscribers have whitelisted those IP addresses in their firewalls. Starting soon, we will be using a wider variety of IP addresses. If you are using a firewall to restrict access so that only Let’s Encrypt’s IP addresses can reach your hosts, validation may begin failing soon. We recommend either:
- Allowing access to ports 80/443 from the whole Internet to hosts that need Let’s Encrypt validation, OR
- Using the DNS challenge type.
You may also want to review our integration guide.