/usr/bin/certbot renew IP whitelisting

kaushalshriyan · September 4, 2018, 11:40pm

Hi,

I have the below cron entry on my remote linux server (CentOS Linux release 7.5.1804 (Core)) with restricted firewall rules.

0 2 1 * * /usr/bin/certbot renew --quiet --renew-hook “/usr/bin/gitlab-ctl restart nginx”

when i invoke the above cron entry it fails and looks like firewall restricts the incoming requests from remote letsencrypt validation servers. Do i need to IP whitelist letsencrypt validation servers and if it is the case what IP’s i need to allow?

Any help will be highly appreciable. Thanks in Advance.

Best Regards,

Kaushal

schoen · September 5, 2018, 12:01am

Hi @kaushalshriyan,

We've had a large number of threads asking this question, and the answer is that whitelisting the IP addresses is not supported by Let's Encrypt.

If you can't allow inbound connections from arbitrary IP addresses, you're requested to use the DNS-01 validation method instead of HTTP-01.

system · October 5, 2018, 12:01am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Whitelist LetsEncrypt Server IPs Help	19	9593	June 14, 2024
Certbot/Letsencrypt authenticator IP addresses Issuance Tech	3	4597	October 21, 2017
HTTPS Authentication behind a firewall Help	10	12746	June 30, 2019
Letsencrypt renewals for separate server Issuance Tech	3	2245	July 24, 2016
Whitelist hostnames for certbot validation? Help	9	25460	April 8, 2020

/usr/bin/certbot renew IP whitelisting

Related topics