Ah – the delights of the security dance.
This website, and others I maintain, use Cloudflare as the free front end to safeguard against brute-force and DDoS attacks. For several of these sites the geo-fencing is set to US only.
Last time round the certs failed to renew. After some troubleshooting, it turned out that the secondary challenge from the Let’s Encrypt ACME client was being denied by the firewall on the Cloudflare side.
There is no allow-list of IPs, nor a single ASN to allow.
This FAQ from Let’s Encrypt is helpful – and I’ll probably need some process updates to make this more robust.