New validation IP addresses


As we describe in our FAQ, Let’s Encrypt may use multiple IP addresses to make requests during validation of domain control. So far, we have tended to use a small number of IP addresses, so some subscribers have whitelisted those IP addresses in their firewalls. Starting soon, we will be using a wider variety of IP addresses. If you are using a firewall to restrict access to Let’s Encrypt’s IP addresses, validation may begin failing soon. We recommend either:

  • Allowing port 80/443 access from the whole Internet to hosts that need Let’s Encrypt validation, OR
  • Using the DNS challenge type.

You may also want to review our integration guide.
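
An added example, not part of the original post: a small audit of `iptables-save` output that reports when ports 80/443 are reachable only from specific source addresses, the setup the post says may begin failing validation. It assumes an iptables firewall with numeric ports and looks only at ACCEPT rules in one chain (it ignores rule order, negated matches, ipsets and jumps to other chains); the sample ruleset is constructed and uses documentation addresses.

```python
import shlex

VALIDATION_PORTS = (80, 443)  # the ports named in the post

# Constructed sample of `iptables-save` output (documentation addresses).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def covers_port(spec, port):
    """True if an iptables port spec ('80', '80,443', '8000:8100') includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo or 0)
        high = int(hi or 65535) if sep else low
        if low <= port <= high:
            return True
    return False

def rule_arg(tokens, *flags):
    """Value following the first of `flags` found in a rule, else None."""
    return next((tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in flags), None)

def audit(ruleset, chain="INPUT"):
    """Map each validation port to the sources it is limited to.

    A port is reported only when every ACCEPT rule for it in `chain` has a
    source match, i.e. no rule admits the whole Internet on that port.
    """
    restricted, open_ports = {}, set()
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        spec = rule_arg(tok, "--dport", "--dports")
        if tok[:2] != ["-A", chain] or rule_arg(tok, "-j") != "ACCEPT" or spec is None:
            continue
        source = rule_arg(tok, "-s", "--source")
        for port in (p for p in VALIDATION_PORTS if covers_port(spec, p)):
            if source in (None, "0.0.0.0/0"):
                open_ports.add(port)
            else:
                restricted.setdefault(port, []).append(source)
    return {p: s for p, s in restricted.items() if p not in open_ports}

if __name__ == "__main__":
    for port, sources in audit(SAMPLE).items():
        print(f"port {port} only reachable from {sources}: validation may fail")
```

On a live host, feed it the text printed by `iptables-save`; a non-empty result means the listed port is limited to an address allowlist.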

