I would like to know specifically which country or countries certbot is using to check for connectivity to do the acme-challenge?
I have country restrictions, with ~150 countries blocked from incoming traffic, and this prevents certbot from completing its task. Once they are disabled there is no issue with renewal, as I have port forwarding to the reverse proxy that I use temporarily enabled on port 80, and I shut off ufw temporarily while certbot runs, but until the country restrictions are off it will not complete and claims "likely firewall related".
Currently: USA, Sweden, Singapore. We will likely add some more countries eventually, as the CA regulations will require 6 vantage points in the coming years.
The non-US locations are all currently AWS but that may also change.
It's important to note that this list of countries can -- and will -- change and grow with no notice.
If possible, examine why you are blocking traffic from countries other than the US, and see if it is truly necessary. Also, see if your geo-blocking firewall is capable of not blocking traffic specifically to the /.well-known/acme-challenge/ sub path. If you do one of those, then you won't have to manually unblock whatever countries we happen to be using when you go to renew.
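As an added illustration of the path exemption suggested above (not part of the original reply, and not Let's Encrypt's or certbot's own configuration): a sketch that assumes nginx is the reverse proxy and that the restriction is enforced there, since a port-level firewall such as ufw cannot see the request path. The hostname, webroot and address ranges are placeholders.

```nginx
# Goes in the http {} context. Constructed allowlist: documentation
# ranges stand in for the networks that should reach the site.
# A country-based map would need a GeoIP module instead (assumption).
geo $site_allowed {
    default          0;
    192.0.2.0/24     1;   # placeholder range
    198.51.100.0/24  1;   # placeholder range
}

server {
    listen 80;
    server_name dev.example.com;   # placeholder hostname

    # ACME HTTP-01 validation: open to any source address, so the
    # set of validation locations can change without a renewal failure.
    # Only static challenge files under the webroot are served here.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;        # assumed webroot (certbot --webroot -w /var/www/acme)
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else on port 80 stays restricted to the allowlist.
    location / {
        if ($site_allowed = 0) {
            return 403;
        }
        return 301 https://$host$request_uri;
    }
}
```

With this layout port 80 has to stay reachable at the packet filter, and the same `$site_allowed` check would be repeated in the port 443 server block.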
There's an unofficial community geoblocking FAQ that may be helpful.
I don't know if you already saw it and that's the FAQ you were trying to say should include more details on the current set of locations, or if you're talking about the official FAQ.
Mainly, I am not hosting a website for all; it is for development, and I and a few other countries require access to it. I just don't like seeing all these suspicious activity logs from all over, thus blocking the incoming countries should mitigate some attacks/attempts at accessing my network.