manojlovicl
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Aug 18, 2014 11:48 pm

Let's Encrypt and dynamic Address List firewall rules

Tue Jan 03, 2023 12:11 am

Hi!

In this great video (https://www.youtube.com/watch?v=T1Dyg4_caa4), colleague Druvis Timma explains how to configure Let's Encrypt on MikroTik and also touches on the problem of renewal and opening the router's port 80 for Let's Encrypt verification.

After following the instructions I found out that one host (from which Let's Encrypt executes verification) is missing in the video (or at the time the tutorial was recorded it was not executing verification...), so if you want to have an address list for the Let's Encrypt hosts that perform verification on your router, you should add:
acme-v02.api.letsencrypt.org
acme-staging-v02.api.letsencrypt.org
letsencrypt.org
outbound1c.letsencrypt.org - this one is not included in the video...

For now, at least in Slovenia (could be that it is somehow geo-distributed?!?), adding this 1c helps - but I found out that there are outbound1 from a-j (outbound1j.letsencrypt.org) and outbound2 from a-j (outbound2j.letsencrypt.org).

I hope it helps someone.
Luka

Update: I am adding here all of them...
ip/firewall/address-list/add list=LE address=acme-staging-v02.api.letsencrypt.org
ip/firewall/address-list/add list=LE address=acme-v02.api.letsencrypt.org
ip/firewall/address-list/add list=LE address=letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1a.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1b.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1c.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1d.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1e.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1f.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1g.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1i.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound1j.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2a.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2b.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2c.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2d.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2e.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2f.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2g.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2i.letsencrypt.org
ip/firewall/address-list/add list=LE address=outbound2j.letsencrypt.org
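
An added example, not part of the original post: a Python check that parses address-list commands like the ones above, flags any entry outside letsencrypt.org (a typo in an allow list would admit an unrelated host), and reports duplicates and which letters of the a-j range are absent. The function names and the regenerated copy of the posted list are constructed for this example.

```python
import re

# Constructed copy of the 21 hostnames posted above, as RouterOS commands.
POSTED = "\n".join(
    f"ip/firewall/address-list/add list=LE address={host}"
    for host in ["acme-staging-v02.api.letsencrypt.org",
                 "acme-v02.api.letsencrypt.org", "letsencrypt.org"]
    + [f"outbound{n}{c}.letsencrypt.org" for n in "12" for c in "abcdefgij"]
)

CMD = re.compile(r"^/?ip/firewall/address-list/add\s+(.+)$")


def parse(script):
    """Return (list, address) pairs from address-list add commands."""
    entries = []
    for line in script.splitlines():
        m = CMD.match(line.strip())
        if m:
            args = dict(kv.split("=", 1) for kv in m.group(1).split() if "=" in kv)
            entries.append((args.get("list"), args.get("address")))
    return entries


def audit(script, list_name="LE", zone="letsencrypt.org", letters="abcdefghij"):
    """Check one address list: foreign names, duplicates, gaps in a-j."""
    hosts = [addr for name, addr in parse(script) if name == list_name and addr]
    # Anything that is not the zone itself or a subdomain of it is suspect.
    foreign = [h for h in hosts if h != zone and not h.endswith("." + zone)]
    duplicates = sorted({h for h in hosts if hosts.count(h) > 1})
    expected = [f"outbound{n}{c}.{zone}" for n in "12" for c in letters]
    missing = [h for h in expected if h not in hosts]
    return {"count": len(hosts), "foreign": foreign,
            "duplicates": duplicates, "missing": missing}


if __name__ == "__main__":
    for key, value in audit(POSTED).items():
        print(f"{key}: {value}")
```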
