special firewall rules that open port 80 for 30 minutes and disable the location filter for that time
… I saw something like this … but can’t find it again
… now found it: Let's Encrypt - Location filter and firewall rule (command) - #3 by pablo78
… I began this … and it’s very tedious to add all countries to the list
Is there a way to ADD ALL COUNTRIES with 3…4 clicks to the list??
install and configure Let's Encrypt at IPFire?
… this would be the better way - we have to search …
Option A is not really an alternative in my case because I’ve already set up Option B that uses the IPFire package Dehydrated for creating and verifying LE certs.
Option B causes this issue on my side, because of active location blocks for all countries but Germany.
A bash script starts the certs renewal process and so far the script removed the location block for the US beforehand.
For some unknown reason, this is not working anymore, and I suspect that LE now uses IP addresses from countries other than the US for the challenge process.
A quick test revealed this is true. I stopped location blocking as a whole and the challenge process worked like a charm.
Basically, this means I don’t know every country that LE uses and that I would have to remove from the location block, and I do not know how to switch off location blocking completely for the time LE needs access to the IPFire web server.
Someone made a comment about the location block somewhere that made me rethink the way I was using the location block.
So I made a location group instead.
And use the location block for the worst places like XD. Not sure how much this affects anything. It gets the job done.
Yes. Either way.
You can make multiple location groups with different access.
So as an example:
IPFire location group access all countries except XD.
User location group access Germany
XD could be blocked by location block