New validation IP addresses

As we describe in our FAQ, Let’s Encrypt may use multiple IP addresses to make requests during validation of domain control. So far, we have tended to use a small number of IP addresses, so some subscribers have whitelisted those IP addresses in their firewalls. Starting soon, we will be using a wider variety of IP addresses. If you are using a firewall to restrict access to Let’s Encrypt’s IP addresses, validation may begin failing soon. We recommend either:

  • Allowing port 80/443 access from the whole Internet to hosts that need Let’s Encrypt validation, OR
  • Using the DNS challenge type.

You may also want to review our integration guide.