Hello! I have a question about certificate renewal on Synology.
I am using a website just for myself for some testing and stuff :).
I have all countries blocked on my firewall except one. The automatic renewal only works if Let's Encrypt has access on port 80 and/or 443? I would like to only allow Let's Encrypt to visit my NAS.
I also have a running mailserver with certificate.
Is there any way I can find out which network or DNS host I can give access to so the renewal works again?
No, there is no way. Let's Encrypt uses different IP addresses. See the FAQ:
What IP addresses does Let’s Encrypt use to validate my web server?
We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.
So you have to open your firewall.
But you can restrict the access to the folder /.well-known/acme-challenge/.
There your ACME client creates a special file which Let's Encrypt loads.
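The following is an added example, not part of the original thread and not Synology's or DSM's own configuration: a generic nginx server block that implements the idea above, i.e. the geo-restriction is moved from the firewall into the web server, so that only the HTTP-01 challenge path is reachable from any address while the rest of the site stays limited to one trusted network. Let's Encrypt fetches the token over plain HTTP on port 80, so that port has to be open in the firewall for all sources; the hostname example.com, the document root /var/www/example and the trusted network 203.0.113.0/24 are placeholders.

```nginx
# Added example: restrict the site to one network but leave the
# ACME HTTP-01 challenge path open to the world. Placeholders:
# example.com, /var/www/example, 203.0.113.0/24.
server {
    listen 80;
    server_name example.com;

    # The ACME client writes a token file into
    # /var/www/example/.well-known/acme-challenge/<token>; Let's Encrypt
    # downloads it from an unpublished, changing set of IP addresses,
    # so this location must accept every source address.
    # "^~" makes this prefix match win over "location /" below.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/example;
        default_type text/plain;
        allow all;
        try_files $uri =404;
    }

    # Everything else on port 80 is served only to the trusted network.
    # Note: do not use "return" or "rewrite" here for the redirect to
    # HTTPS; those run before the access phase, so allow/deny would be
    # bypassed. Plain static serving (or proxy_pass) respects them.
    location / {
        allow 203.0.113.0/24;
        deny all;
        root /var/www/example;
    }
}

# The HTTPS side is restricted the same way; no challenge path is
# needed here because HTTP-01 validation starts on port 80.
server {
    listen 443 ssl;
    server_name example.com;

    # Paths to the certificate the ACME client maintains (placeholders).
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;

    allow 203.0.113.0/24;
    deny all;

    location / {
        root /var/www/example;
    }
}
```

After reloading nginx, a quick check from an address outside the trusted network is that `http://example.com/.well-known/acme-challenge/test` answers 404 (reachable, file not present) while `http://example.com/` answers 403. The same allow/deny split can be applied to the mail server's web-facing challenge path if that certificate is obtained through the same ACME client, because only the token directory ever needs to be reachable from outside.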