I am trying to set up a Caddy server as a Let’s Encrypt-enabled proxy for a web application that is only accessible to hosts behind our firewall. The firewall is configured to block all requests from the Internet to this subnet, but allows any internal hosts to access it. The firewall also allows all outbound requests from this subnet to the Internet.
So, I want to find some way of reconfiguring our firewall to allow Let’s Encrypt HTTP challenges, but continue to block all other requests from the Internet into this subnet. Will whitelisting incoming requests from acme-v01.api.letsencrypt.org achieve this?