I’m not used to this kind of issue so the question might look stupid, but so far I’ve been unable to find an answer around the web so here I am.
I recently had an issue in which a client (a remote server, not managed by me) was unable to connect to our server.
We are protecting the connection with a valid and working Let’s Encrypt certificate.
The first error was about a connection timeout “context deadline exceeded (Client.Timeout exceeded while awaiting headers)”, but the underlying error was “x509: certificate signed by unknown authority”.
They found out that, to allow the communication, they had to whitelist some IPs:
- 220.127.116.11 (Microsoft)
- 18.104.22.168 (Microsoft)
- 22.214.171.124 (Level 3 Parent, LLC)
The IT guys who manage the client server don’t like the idea of whitelisting IPs though, so they asked if it’s possible to have some FQDNs to whitelist.
The question is:
Is there a series of FQDNs (ideal option) or IPs to whitelist in order to allow the CA authority to be verified?