I have a client I am busy helping with a setup. For security reasons he does not want open access to port 80 and 443 for the sites I am busy configuring as they are client portals to which he only wants to allow certain IP’s or ranges to access.
As a result webroot authentication has been failing but he has now opened up access for me on port 80 and 443 for all IP’s so I can complete his setup tomorrow morning.
Once I am done tomorrow he will be closing the ports again and only allowing specific IP’s access. So this will rule out a cron job to check for and do certificate renewals which is not optimal and will become tiresome for the client in the future having to open ports, do renewals and then close ports again, especially once there are multiple certificates.
Is there a set of IP’s or an IP block I can provide the client to allow permanent access from LE’s authentication servers?