Comment on TIL - Caddy
effward@lemmy.world 1 week ago
My ingress firewall blocks the cert renewal challenge requests because they always come from countries that I blanket block, which requires me to keep an eye on it and disable blocking on certain countries to allow the renewals to happen, then re-enable blocking… Let’s Encrypt (somewhat understandably) doesn’t publish the list of IPs that they will use for the challenge requests, so I’m not sure if there’s a better solution. Anyone dealt with this?
forbiddenlake@lemmy.world 1 week ago
Use the DNS challenge instead? You’ll need a DNS provider with an API, though.
4am@lemm.ee 1 week ago
Does Caddy use certbot to do the renewal? A long time ago DNS was a pain but now it seems like a lot of providers are supported.
effward@lemmy.world 1 week ago
Huh, I didn’t know about this option. I’ll check it out. Thanks!
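The DNS challenge suggested in this thread, as a Caddyfile example added here (not posted by anyone in the thread and not taken from the Caddy project): validation happens through a TXT record that Caddy creates via the DNS provider's API, so the CA's validation requests never have to pass the ingress firewall and the country blocks can stay in place. The provider (Cloudflare, through the caddy-dns/cloudflare module), the domain, the backend address and the environment variable name are assumptions.

```caddyfile
# Added example. Assumes a Caddy binary built with a DNS provider module,
# for instance: xcaddy build --with github.com/caddy-dns/cloudflare
# example.com, the backend address and CF_API_TOKEN are placeholders.

example.com {
	tls {
		# Solve the ACME DNS-01 challenge through the provider's API
		# instead of answering HTTP-01 / TLS-ALPN-01 on ports 80/443.
		dns cloudflare {env.CF_API_TOKEN}
	}

	reverse_proxy 127.0.0.1:8080
}
```

Scope the API token to DNS record edits on the single zone being served and pass it through the environment rather than writing it into the Caddyfile, since anyone holding it can change records in that zone.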