Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACME IP address or domain

    Scheduled Pinned Locked Moved
    ACME
    acme firewall pfsense
    3
    4
    353
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aes4096
      last edited by

      Hi all. Can you please tell me how to find out the list of all IP addresses and/or domains that ACME uses when it generates Let's Encrypt certificates? This is due to the fact that I use geopolitics for the HTTP protocol only for my country. And I would not like to open HTTP to the whole world, but only to those IP addresses and/or domains that are needed for ACME to work.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @aes4096
        last edited by johnpoz

        @aes4096 can you not just use dns method - then you don't have to open up anything.

        Not sure if they have a list, their DC sure - but pretty sure it does a check from multiple locations, etc.

        Here they say they don't publish it

        https://letsencrypt.org/docs/faq/#what-ip-addresses-does-let-s-encrypt-use-to-validate-my-web-server

        What IP addresses does Let’s Encrypt use to validate my web server?
        We don’t publish a list of IP addresses we use to validate, and these IP addresses may change at any time. Note that we now validate from multiple IP addresses.

        https://letsencrypt.org/2020/02/19/multi-perspective-validation

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

        A 1 Reply Last reply Reply Quote 1
        • A
          aes4096 @johnpoz
          last edited by

          @johnpoz Yes, you are right. I can use the DNS method or purchase a Wildcard certificate with subdomain protection, which is more expensive.

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @aes4096
            last edited by

            @aes4096 said in ACME IP address or domain:

            I can use the DNS method or purchase a Wildcard certificate with subdomain protection, which is more expensive.

            If you can use a DNS Method you can ask a wildcard certificate.
            Letsencrypt will still be free of use.

            If you own( = rent) a domain name, you control the domain. You are the only one being able to create sub domains.
            I can proof that : try creating aes4096.microsoft.com : good luck ^^

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 1
            • First post
              Last post