Specific URL’s/IP’s that Let’s Encrypt provide for Certificate Validation

I need to know specific URL’s and IP’s that Let’s Encrypt provide for Certificate Validation of a CLIENT machine.


Do you mean a client as “ACME Client” (such as Certbot client), or a client as “Web client” such as “Chrome Browser”/“curl” ?

Hi @evancamilleri

please read

the part about http-01 challenges.

So it's configuration- and order-specific.

example Chrome.

The SSL certificate is working 100% OK with all clients but one of them has some firewall filtering and needs the IP addresses that Let’s Encrypt needs for certificate validation.

1 Like

@JuergenAuer as I understand it CHALLENGE is required by the server. I need the IPs to put in a firewall for a client to allow only those specific URLs

There is no such ip list.

Please read the FAQ:

What IP addresses does Let’s Encrypt use to validate my web server?

We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.


Web clients may need to contact Let’s Encrypt OCSP server (for example, http://ocsp.int-x3.letsencrypt.org). If you also control the server, you can use OCSP stapling to avoid that: the web server regularly contacts Let’s Encrypt server to fetch the proof of validity, and can show it to the web client.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.