I have half a dozen letsencrypt certificates on sites hosted an apache web server. I have no problem renewing the certificates and they perform as expected.
One site ONLY gets 4 hits per day on /.well-known/acme-challenge/ completed within a second or so and recurring approximately every 24 hours. Depending on the site’s setenv and modsecurity setup it returns either 404 or 403. This has been happening since I set up letsencrypt on that domain several months ago.
I thought it might be due to a dual-domain certificate I set up when first applying letsencrypt to the server. I subsequently applied individual certificates for each domain and yesterday I found and deleted the dual certificate. The hits still arrive.
The IP seems to be 184.108.40.206/24 - it may be tighter than that. The part after /.well-known/acme-challenge/ is, as far as I’ve traced it, different for every hit, even within the group of four. Time of day seems to be appoximately 24 hours but reducing a few minutes per day.
I’ve just seen a new IP in the log - a single hit from 220.127.116.11 to /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de with the UA “Server-Daten Check your Website (https://check-your-website.server-daten.de/)”. I haven’t seen this before - is it from “you”?
That's not one of the IP address ranges that Let's Encrypt would use for HTTP-01 validation requests. Doing a whois on it shows that it's owned by Endurance.com
They're a large webhoster with a Let's Encrypt integration. Are you one of their customers? You may want to contact their support to ask about the frequent validation requests. I can confirm they aren't coming from Let's Encrypt.
Aha! I bet they're trying to do "pre-flight" validation checks for a domain that used to be hosted with them. I would definitely try contacting their customer support to see if they can address the problem. Unfortunately we won't be able to help from our side since they aren't requests we're making ourselves.
If you'd like to block that source IP range at your firewall it won't affect your Let's Encrypt renewals (as long as you don't intend to host with Endurance!)