Question
What IP addresses does Let's Encrypt use to validate AutoSSL certificates?
Answer
Let's Encrypt does not publish a list of the IP addresses it uses for validation, and those IP addresses may change at any time. More information can be found in the Let's Encrypt FAQ entry on validation IP addresses, referenced below.
What IP addresses does Let’s Encrypt use to validate my web server?
Ticket Subject(s)
• SSL certificate issue cannot be completed/stuck
• let's encrypt autossl
• SSL cpanel not working
• certificate for “cpanel” on “server.beauty-luxury.org” will expire
• Installing Free SSL Certificate on the server's hostname
Customer Request Summary
• I believe my firewall might be blocking validation requests from Let's Encrypt. What are the IPs from which they validate certs?
• Could you please tell me which server, domain name or IP cPanel's AutoSSL contacts when it requests certificates from Let's Encrypt?
• The AutoSSL interface on cPanel isn't working, the certificate isn't getting installed.
• The certificate for the server's hostname is not renewing.
• Trying to install free SSL certificate on the server's hostname but it's failing because the client is using Cloudflare for DNS.
Workarounds
• https://cpanel.zendesk.com/agent/tickets/95047798 - Let's Encrypt doesn't publish their validation IPs.
• 95187844 The FAQ was provided that they do not provide the IPs and that they use cloud services and may be adding additional cloud services. I did provide the names used if they want to try changing to whatever these resolve.
_STAGING_SERVER => 'acme-staging-v02.api.letsencrypt.org',
_PRODUCTION_SERVER => 'acme-v02.api.letsencrypt.org',
That is from
/usr/local/cpanel/3rdparty/perl/536/cpanel-lib/Net/ACME2/LetsEncrypt.pm
• 95190271 Let's Encrypt does not publish the IPs they use for DCV; every port might be open until the SSL certificate is installed.
• 95248697 Open HTTP and HTTPS ports to all traffic to ensure DCV can complete.
• [#95675303] Had to open up ports 80 and 443; they didn't want to keep ports open and asked for IPs to whitelist, but LE doesn't release those.
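The check below is an added example, not cPanel's or Let's Encrypt's code. It reads the text of `iptables -S INPUT` and reports which of ports 80 and 443 would refuse a new connection from an address that is on no allowlist, which is the case that matters when the validator addresses are unpublished. It assumes a flat INPUT chain: jumps to user-defined chains, negated port matches and IPv6 rules are not evaluated, and the sample rules are constructed.

```python
import shlex

# Constructed sample of `iptables -S INPUT` output (documentation addresses).
SAMPLE = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,2083:2087 -j ACCEPT
"""
TERMINAL = ("ACCEPT", "DROP", "REJECT")

def port_in(spec, port):
    """True if port is covered by a spec such as '80' or '443,2083:2087'."""
    ranges = (part.partition(":") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def rule_matches(tokens, port):
    """Would a NEW TCP connection to port from an unlisted address match?"""
    for i, tok in enumerate(tokens):
        arg = tokens[i + 1] if i + 1 < len(tokens) else ""
        negated = i > 0 and tokens[i - 1] == "!"
        if tok == "-s" and not negated and arg != "0.0.0.0/0":
            return False  # rule applies only to a listed source
        if tok == "-i" and arg == "lo":
            return False  # loopback traffic only
        if tok == "-p" and arg not in ("tcp", "all"):
            return False
        if tok in ("--dport", "--dports") and not port_in(arg, port):
            return False
        if tok in ("--ctstate", "--state") and "NEW" not in arg.split(","):
            return False
    return True

def verdict(rules_text, port):
    """First terminal target hit in INPUT, else the chain policy."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] == ["-P", "INPUT"]:
            policy = tokens[2]
        elif tokens[:2] == ["-A", "INPUT"] and "-j" in tokens:
            target = tokens[tokens.index("-j") + 1]
            if target in TERMINAL and rule_matches(tokens, port):
                return target
    return policy

def dcv_blocked_ports(rules_text):
    """Ports among 80/443 that an unlisted validator address cannot reach."""
    return [p for p in (80, 443) if verdict(rules_text, p) != "ACCEPT"]
```

On the constructed sample, `dcv_blocked_ports(SAMPLE)` returns `[80]`, because port 80 is accepted only from the single allowlisted address.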
Links to relevant information or resources
• https://letsencrypt.org/docs/faq/
What IP addresses does Let’s Encrypt use to validate my web server?
https://letsencrypt.org/docs/faq/#what-ip-addresses-does-lets-encrypt-use-to-validate-my-web-server
We don’t publish a list of IP addresses we use to validate, and these IP addresses may change at any time. Note that we now validate from multiple IP addresses.