Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but …

Hi @njohnson01 , The best option would be not to geoblock. Let’s Encrypt does not publish IP Addresses as they may change at anytime. Presently (again subject to change at anytime) you need to let USA, Sweden, and Singapore through the firewall.

i can not just un geoblock as we are a government agency

Let's Encrypt does not publish the IP addresses of its auth servers. The IP addresses often change from one challenge to the next. I don't see any problems connecting to your domain. I can even connect using HTTPS and see your (expired) Sectigo cert. Sorry, I now see you allow only US sources to…

Possibly use another free ACME CA, might be your best choice. Edit: Here https://www.login.gov/ also a USA government agency seems to have no trouble using Let’s Encrypt. You might ask them about the firewall setup they are using; as you do work for the same employer internal coordination and com…

Of course, if you self-host your own 'acme-dns' you still want to geoblock that as much as you can. Just hygiene.

Your registered domain portagemi.gov uses a current Let's Encrypt cert SSL Checker Verify that your SSL certificate is installed correctly, identify installation issues if any. Maybe check with whoever manages that server and see what they do

I have it self hosting right now. still trying to find out what to do about a SSL that does not need geo block disabled to verify the cert

Can you update the DNS records for that domain? You could use a DNS Challenge. Although, I looked at your DNS providers website and don't see that they offer an API to update their records. So, you would be stuck doing a manual cert issuance every 60 days or so. We don't recommend manual process…

Hi @njohnson01 , Also this government agency might be helpful for you The HTTPS-Only Standard - HTTP Strict Transport Security Resources, best practices, and case studies for deploying HTTPS in the federal government. Their certificate [image] And [ima…

What ip address do i need to put in geoblock

Help

griffin June 11, 2024, 3:28pm 10

Welcome to the Let's Encrypt Community, @njohnson01!

You could put a higher exception in your firewall rules that allows all traffic only to the acme-challenge path for HTTP-01 challenges. Not like you face much, if any, risk from that.

Topic		Replies	Views
Firewall Geoblocking and LetsEncrypt Help	13	1073	March 27, 2025
Specify source country for http-01 challenge Feature Requests	14	3356	May 16, 2024
Public IP addresses of Issuance process Issuance Tech	6	472	May 22, 2025
My Server is Geoblocked and I don't have DNS or Firewall privileges Help	27	1293	June 15, 2024
Some challenges have failed due to geographic blocking Help	6	740	May 9, 2024

What ip address do i need to put in geoblock

Related topics