
Author Topic: LetsEncrypt - Whitelist  (Read 16813 times)

Ypsilon

Re: LetsEncrypt - Whitelist
« Reply #15 on: June 27, 2021, 11:13:53 am »
Thank you so much @astromeier.
Quite a list of ip numbers. The easiest way I found to add the full list, was to set all ip numbers in 1 line, separated by comma.
Then it's just a matter of clearing the list followed by copy pasting the line.

astromeier

Re: LetsEncrypt - Whitelist
« Reply #16 on: June 27, 2021, 08:11:57 pm »
Hi Ypsilon!
Thank you for that hint!
I'll post my list in addition in your proposed format like this:
Code:
172.65.32.248,18.116.86.117,18.184.114.154,18.184.29.122,18.194.58.132,18.196.96.172,18.196.102.134,18.197.97.115,18.222.145.89,18.224.20.83,18.236.228.243,3.14.255.131,3.19.56.43,3.120.130.29,3.122.178.200,3.128.26.105,3.142.122.14,3.143.223.150,3.67.34.92,34.209.232.166,34.211.6.84,34.211.60.134,34.222.229.130,52.15.254.228,52.28.236.88,52.58.118.98,52.39.4.59,54.189.22.122
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G

Mks

Re: LetsEncrypt - Whitelist
« Reply #17 on: June 28, 2021, 07:00:16 am »
Dear all,

I'm not using Let's Encrypt, but maybe it is better to open a Github Repo to store the URLs, IPs there to use URL Tables as Alias input?
br

astromeier

Re: LetsEncrypt - Whitelist
« Reply #18 on: June 28, 2021, 10:04:58 pm »
Hi Mks - great idea!
I couldn't wait and realized it!
See my updated first post in this thread:

"The actual version you will find here:
https://raw.githubusercontent.com/astromeier/LetsEncrypt_Serverlist/main/LetsEncrypt_Server_list.txt
You can add an alias "URL table (IPs)" with this link."

The FQDN-List you'll find here:
https://raw.githubusercontent.com/astromeier/LetsEncrypt_Serverlist/main/LetsEncrypt_FQDN_list.txt
« Last Edit: June 28, 2021, 10:07:28 pm by astromeier »
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G

Ypsilon

Re: LetsEncrypt - Whitelist
« Reply #19 on: June 28, 2021, 10:22:28 pm »
Even better, thanks.
I will keep an eye on the changes via my rss reader. I could ask for releases, but commits can be monitored just fine on github. :)

astromeier

Re: LetsEncrypt - Whitelist
« Reply #20 on: June 28, 2021, 10:42:50 pm »
Hi Ypsilon
If you want opnsense to load the actual version automagically:
Add an alias with type "URL table (IPs)" with this github-link:
https://raw.githubusercontent.com/astromeier/LetsEncrypt_Serverlist/main/LetsEncrypt_Server_list.txt
and give a reload time period like once a day....

In the whitelist-rule you just have to give the name of the alias and the rule is constantly up to date...

So you don't need to keep an eye on the changes...
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G
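
Added example (not part of any post in this thread, and not code from the linked repository): when an allow rule follows a remotely hosted URL table that reloads on its own, a snapshot comparison like this shows what changed and flags entries that should never be in the list. The one-entry-per-line format, the `#` comment handling and the `MAX_ADDRESSES` limit are assumptions.

```python
import ipaddress

MAX_ADDRESSES = 256  # assumed policy: nothing wider than a /24 in this allow rule

def parse_list(text):
    """Parse a one-entry-per-line list into (accepted networks, rejected entries)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP address or network"))
            continue
        if net.num_addresses > MAX_ADDRESSES:
            rejected.append((entry, "network too wide"))
        elif not net.is_global:
            rejected.append((entry, "not publicly routable"))
        else:
            accepted.add(net)
    return accepted, rejected

def review_update(previous_text, current_text):
    """Compare two snapshots of the list and flag entries that need a human look."""
    old, _ = parse_list(previous_text)
    new, rejected = parse_list(current_text)
    return {
        "added": sorted(str(n) for n in new - old),
        "removed": sorted(str(n) for n in old - new),
        "rejected": rejected,
    }

# Constructed snapshots; the valid addresses are taken from the list posted in this thread.
PREVIOUS = "172.65.32.248\n18.116.86.117\n3.14.255.131\n"
CURRENT = "172.65.32.248\n18.116.86.117\n52.15.254.228\n10.0.0.5\n0.0.0.0/0\nnot-an-ip\n"

if __name__ == "__main__":
    for kind, items in review_update(PREVIOUS, CURRENT).items():
        print(kind, items)
```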

Ypsilon

Re: LetsEncrypt - Whitelist
« Reply #21 on: June 28, 2021, 11:10:48 pm »
I understand astromeier and already made the changes.
It's just that I want to monitor things that can change automatically on my firewall.
That's why I have also subscribed to the emergingthreats mailinglist so I keep an eye on that too.

Julien

Re: LetsEncrypt - Whitelist
« Reply #22 on: July 18, 2021, 10:47:48 pm »
Is there no need to use the FQDN rules anymore, just the IP?
An intelligent man is sometimes forced to be drunk to spend time with his fool.

astromeier

Re: LetsEncrypt - Whitelist
« Reply #23 on: July 19, 2021, 11:28:34 am »
Hi Julien,
since LE states that IP addresses can change over time I keep the known FQDN rules active "for safety".
You're right: this is a redundancy...
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G

astromeier

Re: LetsEncrypt - Whitelist
« Reply #24 on: September 15, 2021, 09:08:22 pm »
Updated;
FQDN-List you'll find here:
https://raw.githubusercontent.com/astromeier/LetsEncrypt_Serverlist/main/LetsEncrypt_FQDN_list.txt
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G

Ypsilon

Re: LetsEncrypt - Whitelist
« Reply #25 on: April 18, 2022, 10:14:50 pm »
Hi astromeier.
There are several new ip addresses, not yet included in your maintained list.
So I already created a github issue in your repo:
https://github.com/astromeier/LetsEncrypt_Serverlist/issues/2

Thanks if you add them to your list. For the moment I keep them in my own extra alias list, after which the validation process went fine again.

astromeier

Re: LetsEncrypt - Whitelist
« Reply #26 on: April 18, 2022, 10:43:13 pm »
Hi, I did a quick check and found at least 4 abusive IPs (checked with https://www.abuseipdb.com).
All residual addresses could be candidates - I'll check them the next weeks.

The IPs of A100 ROW are good candidates!

Please do the same and cross-check the HA-Proxy-Log for acme accesses with correct key (same as challenge)
Thanks for contribution!
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G
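
Added example (not part of any post in this thread): one way to run the cross-check described above, keeping only source addresses whose request to the ACME HTTP-01 challenge path carried a token that was actually issued. The log shape (HAProxy `option httplog` lines via syslog), the function name and the sample token and log lines are assumptions; the lines are constructed.

```python
import ipaddress
import re

PREFIX = "/.well-known/acme-challenge/"
# Assumed log shape: HAProxy "option httplog" lines delivered through syslog.
LOG_RE = re.compile(
    r'haproxy\[\d+\]: (?P<ip>[0-9a-fA-F.:]+):\d+ \[.*"(?:GET|HEAD) (?P<path>\S+) '
)

def candidate_validators(log_lines, issued_tokens, allowlist):
    """Count challenge requests that carried an issued token and came from
    addresses outside the current allowlist."""
    known = [ipaddress.ip_network(e, strict=False) for e in allowlist]
    hits = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or not m["path"].startswith(PREFIX):
            continue
        token = m["path"][len(PREFIX):]
        if token not in issued_tokens:
            continue  # a request without the right key proves nothing about the sender
        ip = ipaddress.ip_address(m["ip"])
        if not any(ip in net for net in known):
            hits[str(ip)] = hits.get(str(ip), 0) + 1
    return hits

TOKEN = "constructed-token-0001"  # placeholder for the token your ACME client published

def _line(ip, path):
    """Build one constructed log line in the assumed format."""
    return (f'Apr 18 21:58:02 fw haproxy[4321]: {ip}:40112 [18/Apr/2022:21:58:02.114] '
            f'http_in acme/acme 0/0/1/2/3 200 312 - - ---- 1/1/0/0/0 0/0 "GET {path} HTTP/1.1"')

SAMPLE_LOG = [  # 203.0.113.x and 198.51.100.x are documentation ranges
    _line("172.65.32.248", PREFIX + TOKEN),   # right key, already on the list
    _line("203.0.113.10", PREFIX + TOKEN),    # right key, not yet on the list
    _line("203.0.113.10", PREFIX + TOKEN),
    _line("198.51.100.7", PREFIX + "guess"),  # wrong key
    _line("198.51.100.7", "/index.html"),     # unrelated request
]

if __name__ == "__main__":
    print(candidate_validators(SAMPLE_LOG, {TOKEN}, ["172.65.32.248"]))
```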

astromeier

Re: LetsEncrypt - Whitelist
« Reply #27 on: April 20, 2022, 12:05:33 pm »
Hi!
I could confirm 6 new IPs - the serverlist @ github is now up to date!
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G

Ypsilon

Re: LetsEncrypt - Whitelist
« Reply #28 on: April 20, 2022, 12:13:11 pm »
Thank you!

astromeier

Re: LetsEncrypt - Whitelist
« Reply #29 on: June 28, 2022, 10:33:25 pm »
Some new addresses popped up the last days - Github is updated.
... seems that LE changed a number of the verification servers.

Same occurred in June of the last year.....
« Last Edit: June 28, 2022, 10:39:04 pm by astromeier »
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G
