This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Country blocking exception for Let's Encrypt renewal

Hello,

can anyone tell me how to define a valid country blocking exception for the Let's Encrypt service?

With country blocking enabled I get the error:

Let's Encrypt certificate renewal failed accessing Let's Encrypt service

I tried it with an excetion on the DNS entry on letsencrypt.org (172.65.32.248) and acme-staging-v02.api.letsencrypt.org (172.65.46.172)

but this doesn't seem to be the right way,

Can anyone help me out please?



This thread was automatically locked due to age.
Parents
  • FormerMember
    +1 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Can you please check if you have configured the country blocking exception for the "letsencrypt.org" and "acme-staging-v02.api.letsencrypt.org" as per the highlighted entries in the following table?  

    Interface/remote host Requests Host/network Countries
    Local interface Coming from Enter a local interface address Choose countries to skip
    Local interface Going to Enter a local interface address Choose countries to skip
    Remote host (internal network) Coming from Enter an internal host/network Choose countries to skip
    Remote host (external network) Coming from Enter an external host Do not choose countries
    Remote host (internal network) Going to Enter an internal host/network Choose countries to skip
    Remote host (external network) Going to Enter an external host Do not choose countries

    You could find more information by navigating to Network Protection > Firewall > Country Blocking Exceptions and the click on the "?" on the top right of the page. 

    Thanks,

Reply
  • FormerMember
    +1 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Can you please check if you have configured the country blocking exception for the "letsencrypt.org" and "acme-staging-v02.api.letsencrypt.org" as per the highlighted entries in the following table?  

    Interface/remote host Requests Host/network Countries
    Local interface Coming from Enter a local interface address Choose countries to skip
    Local interface Going to Enter a local interface address Choose countries to skip
    Remote host (internal network) Coming from Enter an internal host/network Choose countries to skip
    Remote host (external network) Coming from Enter an external host Do not choose countries
    Remote host (internal network) Going to Enter an internal host/network Choose countries to skip
    Remote host (external network) Going to Enter an external host Do not choose countries

    You could find more information by navigating to Network Protection > Firewall > Country Blocking Exceptions and the click on the "?" on the top right of the page. 

    Thanks,

Children