Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
In this case is not necessary; because the issue was the external protection firewall that stop some ip’s that have problems with blacklist reputation and malware on it.
When we add this ip’s temporarily in a ACL, the process complete the validation of the acme-challenge, but we are not sure of have confidence of this ip’s from Amazon AWS.
We suppose that this ip’s are part of your content delivery network services.
In our perimeter protection service we had ACL for the next IP’s
With the before ACL, the service always work, but this stop working this week.
The next list of the ip’s; the we enter in the temporal ACL, to validate the renew or the create of the new certificate, but the info of IP’s apparently don’t have any relation with letsencrypt.org.
- 220.127.116.11 -> ec2-34-222-229-130.us-west-2.compute.amazonaws.com
- 18.104.22.168 -> (ec2-52-15-254-228.us-east-2.compute.amazonaws.com)
- 22.214.171.124 -> (ec2-34-209-232-166.us-west-2.compute.amazonaws.com)
Of Course after the renew/recreate cert; we disable the ACL because we don’t confidence on it, but when the renew time come, the automatic task will be fail.
Exist some list of the ip services, cname or something that tell us what are trusted and put it on a ACL?
I ran this command:
We use letsencrypt-win-simple.V126.96.36.199 and we change to win-acme.v188.8.131.522.x64.pluggable
wacs.exe --target manual --host domain.com --validation filesystem --webroot “C:\sites\www\demos\web” --store pemfiles --pemfilespath C:\sites\www\domain\ssl
It produced this output:
My web server is (include version): windows Server 2012
The operating system my web server runs on is (include version): Apache 2.4
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):