[Suggestion] List of IP addresses LE is connecting from

Today I created my first LE certificate, and here is my short feedback/suggestion. I used manual mode; to complete the process I was told to create a static page or run a Python script. The Python script wasn’t my default choice, as it needs port 80 (which means it requires elevated permissions and stopping the existing process listening on port 80).

So my suggestion is that LE will provide a list of IP addresses that the validation is made from; system administrators will then set firewall rules to redirect traffic coming from these IP addresses to the port the Python script listens on.

For example (<SERVER_IP> is the server’s external IP, <LE_IP> is one of LE’s IP addresses, 5050 is the port the Python script listens on):

/sbin/iptables -t nat -A PREROUTING -i eth0 -s <LE_IP> -d <SERVER_IP> -p tcp --dport 80 -j DNAT --to <SERVER_IP>:5050

Note that the machine you ran the ‘letsencrypt-auto’ script on is also connecting to the Python script (performing pre-validation [?], proof of work [?]), so you will also need to add a rule for that machine’s IP address.
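
The rule from the post, generated once per allowed source address, as an added example that is not part of the original post. The function names and all addresses are constructed for illustration (documentation ranges); the page gives no actual validation addresses, and the script only prints the commands rather than running them.

```shell
#!/bin/sh
# Added example: print (never execute) per-source DNAT rules like the one in the post.
# --to-destination is the full name of the DNAT option the post abbreviates as --to.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dnat_rules ACTION SERVER_IP PORT SRC...
# ACTION is A (append before validation) or D (delete the same rule afterwards).
dnat_rules() {
    action=$1 server_ip=$2 port=$3
    shift 3
    case "$action" in
        A|D) ;;
        *) echo "action must be A or D" >&2; return 1 ;;
    esac
    is_ipv4 "$server_ip" || { echo "bad server IP: $server_ip" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    # Check every source first, so one typo produces no partial rule set.
    for src in "$@"; do
        is_ipv4 "$src" || { echo "bad source IP: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "/sbin/iptables -t nat -$action PREROUTING -i eth0 -s $src -d $server_ip -p tcp --dport 80 -j DNAT --to-destination $server_ip:$port"
    done
}

# Constructed sample: server 203.0.113.10, script on port 5050, one hypothetical
# validation source, plus the machine that ran letsencrypt-auto (192.0.2.25).
dnat_rules A 203.0.113.10 5050 198.51.100.7 192.0.2.25
```

Calling the function again with `D` in place of `A` prints the matching delete commands, so the redirect can be removed once validation has finished.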