LetsEncrypt and Firewalls

You may want to create some firewall rules to allow only LetsEncrypt to get to your port 80
or if you live in a country other than the US, you may want to filter HTTPS to only your country

BUT LetsEncrypt moves its IP addresses around intentionally for security reasons

need to create allow rules for the following DNS entris

acme-v01.api.letsencrypt.org
acme-staging.api.letsencrypt.org
acme-v02.api.letsencrypt.org
acme-staging-v02.api.letsencrypt.org

sduncan