
Test Server Reachability Details?

Open shanelord01 opened this issue 1 year ago • 3 comments

Hi - wondering if you could share details on how "Test Server Reachability" under SSL works?

I'd like to set up geo blocks on my firewall, but I'd like to allow this test through to ensure cert renewal works. Are there IP addresses I can whitelist?

shanelord01, Sep 15 '22 12:09

Companies and orgs don't like to give this information out as it can often change outside of their control, in some cloud providers for example. As to how it works, Let's Encrypt reach out to a specially formed URL on HTTP, not HTTPS. The way around this is to use the DNS authentication method; that means your endpoints aren't hit by Let's Encrypt at all, so they can remain hidden as much as you need/want/like.

the1ts, Sep 16 '22 12:09
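To see what the HTTP validation described above looks like from the server side, here is an added example (not part of the thread and not nginx-proxy-manager code) that groups validation requests from an access log by token. It assumes nginx's combined log format and the `/.well-known/acme-challenge/` path from RFC 8555, which the thread does not spell out; the log lines are constructed.

```python
import re
from collections import defaultdict

# HTTP-01 validation fetches a token under this fixed prefix (RFC 8555, section 8.3).
ACME_PREFIX = "/.well-known/acme-challenge/"

# nginx "combined" format: ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log; addresses come from the RFC 5737 documentation ranges.
UA = "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - [16/Sep/2022:12:09:01 +0000] "GET {ACME_PREFIX}tokenA HTTP/1.1" 200 87 "-" "{UA}"',
    f'198.51.100.7 - - [16/Sep/2022:12:09:02 +0000] "GET {ACME_PREFIX}tokenA HTTP/1.1" 200 87 "-" "{UA}"',
    f'203.0.113.44 - - [16/Sep/2022:12:09:02 +0000] "GET {ACME_PREFIX}tokenA HTTP/1.1" 200 87 "-" "{UA}"',
    '203.0.113.99 - - [16/Sep/2022:12:10:15 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/7.85.0"',
    'not a log line',
])


def summarize_validations(log_text):
    """Group HTTP-01 validation requests by token: source IPs and status codes seen."""
    seen = defaultdict(lambda: {"ips": set(), "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or not m["path"].startswith(ACME_PREFIX):
            continue  # unparseable line, or not a validation fetch
        token = m["path"][len(ACME_PREFIX):].split("?", 1)[0]
        if not token or "/" in token:
            continue  # empty or nested path is not a challenge token
        seen[token]["ips"].add(m["ip"])
        seen[token]["statuses"].add(int(m["status"]))
    return dict(seen)


if __name__ == "__main__":
    for token, info in summarize_validations(SAMPLE_LOG).items():
        print(token, sorted(info["ips"]), sorted(info["statuses"]))
```

A single token fetched from several unrelated addresses is normal, since Let's Encrypt validates from multiple network vantage points; requests dropped at the firewall never reach this log, so a missing vantage point shows up only as a failed issuance.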

Thanks. Unfortunately my domain is currently on Google Domains (not cloud) so no DNS Auth method.

shanelord01, Sep 16 '22 15:09

@shanelord01 you can use Cloudflare for DNS (Cloudflare talk you through the process of changing NS records) and still use Google Domains to handle the domain registration side. It's what I do for a .app domain which is only available to register from Google. Then you get the best of both worlds.

the1ts, Sep 16 '22 19:09