Certbot auto renew

Derek O keeffe derekokeeffe85 at yahoo.ie
Thu May 4 12:13:43 UTC 2023


Hi all,
We're having a problem with renewing letsencrypt certs via certbot in an external Neutron network where a security group is locking down HTTP+HTTPS access to select IP ranges. As far as we know the IP address for the Certbot ACME challenge server is always changing and therefore a static security group can't be set up to allow in traffic from that server. We have experimented with using UFW rules instead thinking we may be able to write a script to open port 80 periodically
to allow the ACME challenge through, then close it back up, but it hasn't worked as we'd hoped either (either all traffic is blocked or the security group immediately takes precedence). Is there any way to programmatically enable + disable a security group as needed using something like OpenstackSDK to achieve the same thing?
Thanks in advance.
Regards,Derek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230504/1540d338/attachment.htm>


More information about the openstack-discuss mailing list