<html><head></head><body><div class="yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div dir="ltr" data-setdir="false">Hi all,</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false"><div dir="ltr" data-setdir="false"><span class="ydp67cbf3c2ui-provider ydp67cbf3c2bvq ydp67cbf3c2bvr ydp67cbf3c2c ydp67cbf3c2d ydp67cbf3c2e ydp67cbf3c2f ydp67cbf3c2g ydp67cbf3c2h ydp67cbf3c2i ydp67cbf3c2j ydp67cbf3c2k ydp67cbf3c2l ydp67cbf3c2m ydp67cbf3c2n ydp67cbf3c2o ydp67cbf3c2p ydp67cbf3c2q ydp67cbf3c2r ydp67cbf3c2s ydp67cbf3c2t ydp67cbf3c2bvs ydp67cbf3c2bvt ydp67cbf3c2w ydp67cbf3c2x ydp67cbf3c2y ydp67cbf3c2z ydp67cbf3c2ab ydp67cbf3c2ac ydp67cbf3c2ae ydp67cbf3c2af ydp67cbf3c2ag ydp67cbf3c2ah ydp67cbf3c2ai ydp67cbf3c2aj ydp67cbf3c2ak" dir="ltr">We're having a problem with renewing letsencrypt certs via certbot in an external Neutron network where a security group is locking down HTTP+HTTPS access to select IP ranges. As far as we know the IP address for the Certbot ACME challenge server is always changing and therefore a static security group can't be set up to allow in traffic from that server. We have experimented with using UFW rules instead thinking we may be able to write a script to open port 80 periodically<br>
to allow the ACME challenge through, then close it back up, but it hasn't worked as we'd hoped either (either all traffic is blocked or the security group immediately takes precedence). Is there any way to programmatically enable + disable a security group as needed using something like OpenstackSDK to achieve the same thing?</span></div><div dir="ltr" data-setdir="false"><span class="ydp67cbf3c2ui-provider ydp67cbf3c2bvq ydp67cbf3c2bvr ydp67cbf3c2c ydp67cbf3c2d ydp67cbf3c2e ydp67cbf3c2f ydp67cbf3c2g ydp67cbf3c2h ydp67cbf3c2i ydp67cbf3c2j ydp67cbf3c2k ydp67cbf3c2l ydp67cbf3c2m ydp67cbf3c2n ydp67cbf3c2o ydp67cbf3c2p ydp67cbf3c2q ydp67cbf3c2r ydp67cbf3c2s ydp67cbf3c2t ydp67cbf3c2bvs ydp67cbf3c2bvt ydp67cbf3c2w ydp67cbf3c2x ydp67cbf3c2y ydp67cbf3c2z ydp67cbf3c2ab ydp67cbf3c2ac ydp67cbf3c2ae ydp67cbf3c2af ydp67cbf3c2ag ydp67cbf3c2ah ydp67cbf3c2ai ydp67cbf3c2aj ydp67cbf3c2ak" dir="ltr"><br></span></div><div dir="ltr" data-setdir="false"><span class="ydp67cbf3c2ui-provider ydp67cbf3c2bvq ydp67cbf3c2bvr ydp67cbf3c2c ydp67cbf3c2d ydp67cbf3c2e ydp67cbf3c2f ydp67cbf3c2g ydp67cbf3c2h ydp67cbf3c2i ydp67cbf3c2j ydp67cbf3c2k ydp67cbf3c2l ydp67cbf3c2m ydp67cbf3c2n ydp67cbf3c2o ydp67cbf3c2p ydp67cbf3c2q ydp67cbf3c2r ydp67cbf3c2s ydp67cbf3c2t ydp67cbf3c2bvs ydp67cbf3c2bvt ydp67cbf3c2w ydp67cbf3c2x ydp67cbf3c2y ydp67cbf3c2z ydp67cbf3c2ab ydp67cbf3c2ac ydp67cbf3c2ae ydp67cbf3c2af ydp67cbf3c2ag ydp67cbf3c2ah ydp67cbf3c2ai ydp67cbf3c2aj ydp67cbf3c2ak" dir="ltr">Thanks in advance.</span></div><div dir="ltr" data-setdir="false"><span class="ydp67cbf3c2ui-provider ydp67cbf3c2bvq ydp67cbf3c2bvr ydp67cbf3c2c ydp67cbf3c2d ydp67cbf3c2e ydp67cbf3c2f ydp67cbf3c2g ydp67cbf3c2h ydp67cbf3c2i ydp67cbf3c2j ydp67cbf3c2k ydp67cbf3c2l ydp67cbf3c2m ydp67cbf3c2n ydp67cbf3c2o ydp67cbf3c2p ydp67cbf3c2q ydp67cbf3c2r ydp67cbf3c2s ydp67cbf3c2t ydp67cbf3c2bvs ydp67cbf3c2bvt ydp67cbf3c2w ydp67cbf3c2x ydp67cbf3c2y ydp67cbf3c2z ydp67cbf3c2ab ydp67cbf3c2ac ydp67cbf3c2ae ydp67cbf3c2af ydp67cbf3c2ag ydp67cbf3c2ah ydp67cbf3c2ai ydp67cbf3c2aj ydp67cbf3c2ak" dir="ltr"><br></span></div><div dir="ltr" data-setdir="false"><span class="ydp67cbf3c2ui-provider ydp67cbf3c2bvq ydp67cbf3c2bvr ydp67cbf3c2c ydp67cbf3c2d ydp67cbf3c2e ydp67cbf3c2f ydp67cbf3c2g ydp67cbf3c2h ydp67cbf3c2i ydp67cbf3c2j ydp67cbf3c2k ydp67cbf3c2l ydp67cbf3c2m ydp67cbf3c2n ydp67cbf3c2o ydp67cbf3c2p ydp67cbf3c2q ydp67cbf3c2r ydp67cbf3c2s ydp67cbf3c2t ydp67cbf3c2bvs ydp67cbf3c2bvt ydp67cbf3c2w ydp67cbf3c2x ydp67cbf3c2y ydp67cbf3c2z ydp67cbf3c2ab ydp67cbf3c2ac ydp67cbf3c2ae ydp67cbf3c2af ydp67cbf3c2ag ydp67cbf3c2ah ydp67cbf3c2ai ydp67cbf3c2aj ydp67cbf3c2ak" dir="ltr">Regards,</span></div><div dir="ltr" data-setdir="false"><span class="ydp67cbf3c2ui-provider ydp67cbf3c2bvq ydp67cbf3c2bvr ydp67cbf3c2c ydp67cbf3c2d ydp67cbf3c2e ydp67cbf3c2f ydp67cbf3c2g ydp67cbf3c2h ydp67cbf3c2i ydp67cbf3c2j ydp67cbf3c2k ydp67cbf3c2l ydp67cbf3c2m ydp67cbf3c2n ydp67cbf3c2o ydp67cbf3c2p ydp67cbf3c2q ydp67cbf3c2r ydp67cbf3c2s ydp67cbf3c2t ydp67cbf3c2bvs ydp67cbf3c2bvt ydp67cbf3c2w ydp67cbf3c2x ydp67cbf3c2y ydp67cbf3c2z ydp67cbf3c2ab ydp67cbf3c2ac ydp67cbf3c2ae ydp67cbf3c2af ydp67cbf3c2ag ydp67cbf3c2ah ydp67cbf3c2ai ydp67cbf3c2aj ydp67cbf3c2ak" dir="ltr">Derek</span></div><br></div></div></body></html>