Source IP or FQDN address for AUTO-RENEW Certificate

I write about the Let’s Encrypt service as a TsPlus plugin.
I think a good solution is that of the https certificate which is renewed automatically; however, I do not understand why I have to leave the server exposed in both http and https for the renewal of the certificate.

Would it be possible to have a list of IPs or FQDNs from which to leave both http and https open for the certificate renewal service?

If I analyze the traffic from the firewall,
it seems that the requests come from and,
but they are probably not the only hosts, because if I allow the traffic only from these 2, the automatic renewal is not successful.

Can anyone tell me where the requests (IP Address or FQDN) for the certificate renewal come from?

Please see the Let’s Encrypt answer to this question in the FAQ: