Let's Encrypt use multiple IPs for verification
I had an error this morning that my FreePBX server failed when attempting to renew its LE cert.
https://i.imgur.com/pdYsLRV.png
I tried manually updating via the FreePBX GUI - still failed. The errors seem to indicate that LE couldn't get to http:// on my server.
I went in search of information from LE to see if they added additional IPs/hosts that I need to add to my whitelist and found this.
Let's Encrypt plans to perform validation requests from a number of (possibly) unpredictable IP addresses in the future, in order to make spoofing validation requests harder. If you rely on a specific IP address being used, your deployment will break without any warning at some point.
huh - how does this help in spoofing?
Anyway, to solve my issue, I temporarily disabled the firewall, updated the cert and turned the firewall back on.
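The narrower fix for the situation above is to leave the rest of the firewall alone and open only TCP/80 to any source for the duration of the renewal, since HTTP-01 validation can arrive from any of Let's Encrypt's vantage points (validating from several unpredictable addresses is what stops an attacker who can only hijack or spoof the path to one of them). The script below is an added example, not from the original post or from FreePBX or Let's Encrypt; it assumes iptables manages the INPUT chain, that the FreePBX firewall is not rewriting that chain at the same time, and that the renewal is driven by certbot, whose real --pre-hook and --post-hook options run it. The DRY_RUN switch and the script path are illustration only.

```shell
#!/bin/sh
# Added example (not part of the original post): open TCP/80 to every
# source only while an ACME HTTP-01 renewal runs, then close it again.
# Assumptions: iptables controls the INPUT chain and nothing else
# (e.g. the FreePBX firewall) is rewriting it concurrently.
#
# Wiring (certbot's pre/post hooks are real options; the path is made up):
#   certbot renew --pre-hook  "/usr/local/sbin/acme-fw.sh pre" \
#                 --post-hook "/usr/local/sbin/acme-fw.sh post"

IPT="${IPT:-iptables}"
# Accept only new inbound connections to port 80; established traffic is
# assumed to be handled by the existing conntrack rule in the chain.
RULE="INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"

# DRY_RUN=1 prints the iptables command instead of executing it, so the
# logic can be exercised without root or a live firewall.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Insert the rule at the top of INPUT unless it is already there
# (iptables -C exits 0 when a matching rule exists), so repeated
# pre-hooks do not stack duplicate rules.
open_acme_port() {
    if [ -z "$DRY_RUN" ] && "$IPT" -C $RULE 2>/dev/null; then
        return 0
    fi
    run -I $RULE
}

# Remove the rule again once validation has finished.
close_acme_port() {
    run -D $RULE
}

case "$1" in
    pre)  open_acme_port ;;
    post) close_acme_port ;;
esac
```

Note that the firewall can only narrow by port, not by URL path; if the web server also serves admin pages on port 80, restrict those at the web server level (for example by only allowing /.well-known/acme-challenge/ from unauthenticated clients) rather than relying on a list of Let's Encrypt addresses that is explicitly documented to change.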