/usr/bin/certbot renew IP whitelisting


I have the below cron entry on my remote linux server (CentOS Linux release 7.5.1804 (Core)) with restricted firewall rules.

0 2 1 * * /usr/bin/certbot renew --quiet --renew-hook “/usr/bin/gitlab-ctl restart nginx”

when i invoke the above cron entry it fails and looks like firewall restricts the incoming requests from remote letsencrypt validation servers. Do i need to IP whitelist letsencrypt validation servers and if it is the case what IP’s i need to allow?

Any help will be highly appreciable. Thanks in Advance.

Best Regards,


Hi @kaushalshriyan,

We've had a large number of threads asking this question, and the answer is that whitelisting the IP addresses is not supported by Let's Encrypt.

If you can't allow inbound connections from arbitrary IP addresses, you're requested to use the DNS-01 validation method instead of HTTP-01.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.