What IP should I allow to get certificates?

Bumjin · December 16, 2019, 5:18pm

Hi. Due to security, my server accepts only certain IPs and because of that it seems I got ‘Timeout during connection’ when I ran ‘certbot certonly --no-bootstrap’. Can I get the IP list to allow certbot’s access on my server?

My domain is: vorcloud.com

I ran this command: certbot certonly --no-bootstrap

It produced this output: ‘Timeout during connect (likely firewall problem)’

My web server is (include version): openlitespeed

The operating system my web server runs on is (include version): Linux CentOS 7.7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

Phil · December 16, 2019, 5:21pm

Hi @Bumjin,

Welcome the community forum!

Per the following document, we don’t publish a list of IP addresses we use to validate domains, and these IP addresses may change at any time. In the future we will be validating from multiple IP addresses at once.

rg305 · December 16, 2019, 5:44pm

You should allow port 80 from all IPs.
Catch it with a single config and redirect all traffic (except validation requests) to HTTPS.

system · January 15, 2020, 5:54pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.