
LetsEncrypt - Whitelist


astromeier:
The actual version you will find here:
https://raw.githubusercontent.com/astromeier/LetsEncrypt_Serverlist/main/LetsEncrypt_Server_list.txt
You can add an alias "URL table (IPs)" with this link.

The FQDN-List you'll find here:
https://raw.githubusercontent.com/astromeier/LetsEncrypt_Serverlist/main/LetsEncrypt_FQDN_list.txt


After having problems with renewals of certificates, I introduced this IP whitelist for LetsEncrypt servers:
172.65.32.248 (Cloudflare)
18.194.58.132 (Amazon Cloud & A100 ROW GmbH, maybe FALSE)
18.224.20.83 (Amazon Cloud)
3.14.255.131 (Amazon Cloud)
34.209.232.166 (Amazon Cloud)
34.211.60.134 (Amazon Cloud)
52.15.254.228 (Amazon Cloud)
52.28.236.88 (Amazon Cloud & A100 ROW GmbH, maybe FALSE)
52.58.118.98 (Amazon Cloud)
64.78.149.164 (outbound2.letsencrypt.org)
66.133.109.36 (outbound1.letsencrypt.org)

The IPs from cloud services can change over time...

If you have IPs to add, feel free....
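A maintenance check for the whitelist above, added here as an example and not part of the original post: it strips the comments from the "IP (comment)" lines so the entries are alias-ready, then compares the source of every logged ACME challenge request against the list, so a validation server that is missing from the whitelist shows up. The list excerpt and the log lines are constructed samples, not a current LetsEncrypt list.

```python
import ipaddress
import re

# Constructed excerpt in the thread's "IP (comment)" format; not a current list.
WHITELIST_TEXT = """\
172.65.32.248 (Cloudflare)
18.194.58.132 (Amazon Cloud & A100 ROW GmbH , maybe FALSE)
64.78.149.164 (outbound2.letsencrypt.org )
66.133.109.36 (outbound1.letsencrypt.org )
"""

# Constructed web server log lines (combined log format) for one ACME challenge.
LOG_LINES = """\
66.133.109.36 - - [01/Mar/2023:10:00:01 +0000] "GET /.well-known/acme-challenge/abc123 HTTP/1.1" 200 87
172.65.32.248 - - [01/Mar/2023:10:00:02 +0000] "GET /.well-known/acme-challenge/abc123 HTTP/1.1" 200 87
203.0.113.7 - - [01/Mar/2023:10:00:03 +0000] "GET /.well-known/acme-challenge/abc123 HTTP/1.1" 200 87
198.51.100.9 - - [01/Mar/2023:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512
"""

ACME_RE = re.compile(r'^(\S+) .*"GET /\.well-known/acme-challenge/(\S+) HTTP')


def parse_whitelist(text):
    """Networks from 'IP (comment)' lines. The alias wants bare IPs/CIDRs, so the
    comment is dropped; ip_network rejects malformed entries instead of passing them."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("(", 1)[0].strip()
        if entry:
            nets.add(ipaddress.ip_network(entry, strict=False))
    return nets


def challenge_sources(log_text, whitelist):
    """Per challenge token: which fetching IPs are covered by the whitelist and
    which are not. An unlisted IP seen alongside listed ones for the same token
    is a candidate for a new alias entry; one seen alone deserves a closer look."""
    per_token = {}
    for line in log_text.splitlines():
        m = ACME_RE.match(line)
        if not m:
            continue
        src, token = ipaddress.ip_address(m.group(1)), m.group(2)
        bucket = "listed" if any(src in net for net in whitelist) else "unlisted"
        per_token.setdefault(token, {"listed": set(), "unlisted": set()})
        per_token[token][bucket].add(str(src))
    return per_token


if __name__ == "__main__":
    for token, seen in challenge_sources(LOG_LINES, parse_whitelist(WHITELIST_TEXT)).items():
        print(token, "listed:", sorted(seen["listed"]), "unlisted:", sorted(seen["unlisted"]))
```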

astromeier:
add:
18.196.96.172 (Amazon Cloud & A100 ROW GmbH)

astromeier:
52.28.236.88 (Amazon Cloud & A100 ROW GmbH) is proven NOT FALSE

I've seen some abuse entries in lists like AbuseIPDB, but I'm sure that the whitelist is OK.
The logged ACME challenges come from different servers, and when the same challenge comes from a LetsEncrypt server too, the whitelisting is OK.
So far only one entry could be false...

Julien:
Do I have to use those IPs if blocking GeoIP?

astromeier:
Use this IP list as an alias for a rule to allow these (pass) in an upper position.
I have two aliases, Letsencrypt_FDQN and Letsencrypt_Server, for the uppermost pass rules:
See the attached screenshot.
Tick the item "quick" in the rules you create.
This ensures that they will not be blocked by the following rules.

I've blocked non-EU traffic, and some of the LetsEncrypt servers are listed in this blocklist.
This was the cause of my ACME scripts failing to renew.
