Let's Encrypt - No Longer Recognized as "Known Bot"
Noticed that automatic certificate renewal failed for the first time in quite a while. Digging into it, I found that my firewall rule allowing through "Known Bots" was now blocking Let's Encrypt. I can create an exception in this rule specifically for LE, but then it is also blocked by "Bot Fight Mode" (free version). There's no way I see to disable (non-super) Bot Fight Mode using a custom rule or such; it is either on or off.
What needs to occur for Let's Encrypt to get back on the "Known Bots" list? Is this something LE themselves have to report to Cloudflare, or does Cloudflare maintain a list themselves?
7 Replies
LE itself is still on the Verified/Known Bots List:
https://radar.cloudflare.com/traffic/verified-bots
Out of curiosity, did you fail secondary validation?
From their ASN? Or how are you identifying that?
They don't publish a list of IPs themselves, and they have "secondary validation", using Cloud Servers (iirc just AWS in the EU) for "multi-perspective validation", which probably is failing
That looks like secondary validation? My understanding is those are not meant to be known/use a rotating list of IPs, not 100% sure on that though
Yes, I believe it is the secondary validation failing
Last successful renewal I had was on 03-31-2023
Then it started attempting yesterday and some of the requests I see going through, but others are blocked
If it worked before, it should probably continue to work / be verified
Could you send a screenshot of a blocked request from the Security -> Events tab? (i.e., including ray id / ip / etc., probably fine if you blur your Host/domain name if you need to)
Sure, here is an example
Just wanted another sample
I see the same though, it looks like their primary validation (in my case, one was Flexential, another CF BYoIP Customers) is marked as verified bots, but the secondary validation via AWS both IPv4 & IPv6 are not verified bots
Will ask about it
Thanks!
Was just wondering if any updates on this?