Let's Encrypt use multiple IPs for verification
Dashrender last edited by
I had an error this morning that my FreePBX server failed when attempting to renew it's LE cert.
I tried manually updating via the FreePBX GUI - still failed. The errors seem to indicate that LE couldn't get to http:// on my server.
I went in search of information from LE to see if they added additional IPs/hosts that I need to add to my whitelist and found this.
Let's Encrypt plans to perform validation requests from a number of (possibly) unpredictable IP addresses in the future, in order to make spoofing validation requests harder. If you rely on a specific IP address being used, your deployment will break without any warning at some point.
huh - how does this help in spoofing?
Anyway, to solve my issue, I temporarily disabled the firewall, updated the cert and turned the firewall back on.