Channel: Whitelist hostnames for certbot validation?

Whitelist hostnames for certbot validation?

Greetings, I’ve white listed the following hostnames to allow incoming port 80 connections - outbound1.letsencrypt.org outbound2.letsencrypt.org acme-v01.api.letsencrypt.org...



Whitelist hostnames for certbot validation?

Let’s Encrypt’s policy is that you should allow all IPs to access the validation paths on your website instead of blocking or allowing individual IPs. The alternative is to use DNS validation (while...


Whitelist hostnames for certbot validation?

Hello! I would rather not open port 80 as there’s no need for the world to access the site I’m installing a certificate on. I understand that IP addresses change, but my firewall has a feature to look...


Whitelist hostnames for certbot validation?

Then don’t open port 80 and serve your website on 443 exclusively (that means no redirect!). Use --standalone and get your firewall to open and close port 80 with --pre-hook and --post-hook (read the...


Whitelist hostnames for certbot validation?

Rucio: I am not asking for IPs but hostnames which resolve to the multitude of IPs that could be attempting validation. In the past this was through the above hostnames, are you saying that has been...


Whitelist hostnames for certbot validation?

Just to clarify, not asking for reverse DNS, just forward DNS for IPs (as I said, I’m good with resolving whitelists to firewall rules). This was actually the documented approach back in the day,...


Whitelist hostnames for certbot validation?

Unfortunately need port 80 for internal use. You mention to use port 443, but I also don’t want to expose 443 to the world as this is a PBX and the cert is needed for SIP TLS. Odd that whitelisting...


Whitelist hostnames for certbot validation?

If DNS is not an option, and port 80 is needed, you might want to install nginx on there and use it to do two things: validate with certbot via http-01 (and the hooks for the firewall, etc); and...



Whitelist hostnames for certbot validation?

I read the details and understand now why the change was called for. Hmm, I wish there was a non-exploitable way that a server can be verified without opening up ports to the world! I think I’ll...



Whitelist hostnames for certbot validation?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
