WebServer Protection Access Control vs Let's Encrypt

I have a website which I DO want to have a public IP and routing, as well as a valid certificate, but which must only be accessible from internal resources.

To that end I've set up Access Control, granting only certain local networks access, and I thought this was a done deal and that I didn't need to do anything else. To my surprise, a few nights ago I got a notification email that the site's LE certificate has failed to renew.

The logs show the LE process, when attempting to access the ACME challenge, is getting a 403 error, which would coincide with what an external user gets when trying to access the site.

...I was sure this was working before! If it never was (I may have generated the certificate prior to setting the site up) - can I have a website that's got a valid LE certificate and a public DNS but is only accessible from the local network?