I’ve just created an account to reply with an alternative answer to a closed topic (same title).
The selected solution in this topic recommends the use of an outbound proxy server.
If you are in an organisation where you cannot set up this kind of component, but can ask for a whitelist-based set of traffic, then here is the solution.
You can get the IP block from the CDN provider:

```
# Get your local IP resolution
$ dig +short acme-v01.api.letsencrypt.org | tail -1
220.127.116.11

# Extract full networks
# (Based on akamai's current whois output, which may change in the future)
# (Remove the grep part to find if you read this message in 2023 :p)
$ whois 18.104.22.168 | grep ^CIDR:
CIDR: 22.214.171.124/22
CIDR: 126.96.36.199/10
```
Now you can ask your security/firewall guys to whitelist:
- source: (your source IP)
- destination: (the extracted IP blocks)
- protocol: TCP
- port: 443

Hope this will help someone in the future.
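The same resolve/whois/extract steps as a small script, added here as an example and not part of the post above; it parses whois text (a constructed sample using RFC 5737 documentation ranges, since live `dig`/`whois` lookups need network access) and renders one allow-list rule per block, with the iptables syntax and the source address `192.0.2.10` being assumptions to adapt to your firewall.

```shell
#!/bin/sh
# Added example: turn whois output into a TCP/443 destination allow-list.
# The parser works on captured whois text so it runs offline; the live
# lookup is shown in a comment at the bottom.

# Extract CIDR blocks from ARIN-style whois output. ARIN may list several
# blocks on one "CIDR:" line separated by commas, so split on commas too,
# then keep only well-formed a.b.c.d/n values, deduplicated.
extract_cidrs() {
  grep -i '^CIDR:' \
    | cut -d: -f2- \
    | tr ',' '\n' \
    | tr -d ' \t' \
    | grep -E '^[0-9.]+/[0-9]+$' \
    | sort -u
}

# Render one allow rule per block (iptables syntax is an assumption;
# hand the same tuples to whatever your firewall team uses).
render_rules() {
  src="$1"
  while read -r cidr; do
    [ -n "$cidr" ] || continue
    printf 'iptables -A OUTPUT -s %s -d %s -p tcp --dport 443 -j ACCEPT\n' \
      "$src" "$cidr"
  done
}

# Constructed sample whois output (documentation ranges, not real CDN data).
SAMPLE_WHOIS='NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-NET
CIDR:           198.51.100.0/25, 198.51.100.128/25
Comment:        RFC 5737 documentation ranges'

# Blocks found in the constructed sample, one per line.
sample_cidrs() { printf '%s\n' "$SAMPLE_WHOIS" | extract_cidrs; }

# Live variant (needs network access; re-run periodically, CDN ranges move):
#   whois "$(dig +short acme-v01.api.letsencrypt.org | tail -1)" \
#     | extract_cidrs | render_rules 192.0.2.10
sample_cidrs | render_rules 192.0.2.10
```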