I write about the let’s encrypt service as a TsPlus plugin
(also named terminalserver.eu)
I think a good solution is that of the https certificate which is renewed automatically, however I do not understand why I have to leave the server exposed in both http and https for the renewal of the certificate.
Would it be possible to have a list of IPs or FQDNs from which to leave both http and https open for the certificate renewal service?
If I analyze the traffic from the firewall,
it seems that the requests come from outbound1.letsencrypt.org and outbound2.letsencrypt.org,
but they are probably not the only hosts, because if I allow the traffic only from these 2, the automatic renewal is not successful.
Can anyone tell me where the requests (IP Address or FQDN) for the certificate renewal come from?