Info: Let's Encrypt Validation Failures for HTTP domain validation

If you are suddenly receiving an error about HTTP Validation or Secondary Validation when using HTTP validation, please note that Let’s Encrypt recently added more global “perspectives” to their HTTP validation process. See: Let's Encrypt is adding two new remote perspectives for domain validation - #3 by lenaunderwood - API Announcements - Let's Encrypt Community Support

This means they are using more servers across the world to check your domain. If you are seeing a new renewal error for “secondary validation”, then you are filtering incoming HTTP traffic on specific IP ranges, or using a geo-blocking filter or security application.

The fix is to remove your IP/country filtering for incoming HTTP. If your firewall is content/application aware, you can optionally allow all incoming HTTP (TCP port 80) requests for /.well-known/acme-challenge/*.

If you cannot remove your country/IP specific filtering, you will need to either change CA or use DNS domain validation instead of HTTP domain validation. We do not control Let’s Encrypt's domain validation process and cannot fix the problem on your behalf.
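To check whether filtering is the cause, you can look at which source IPs actually reached your web server for each challenge token. The following is an added example, not part of the original post or any product's code: it assumes a web server access log in combined log format, and the log lines, IPs and token names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (combined log format); IPs are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /.well-known/acme-challenge/tokenA HTTP/1.1" 200 87 "-" "validation-client"
198.51.100.7 - - [01/Jan/2025:10:00:02 +0000] "GET /.well-known/acme-challenge/tokenA HTTP/1.1" 403 0 "-" "validation-client"
203.0.113.5 - - [01/Jan/2025:10:00:02 +0000] "GET /.well-known/acme-challenge/tokenA HTTP/1.1" 200 87 "-" "validation-client"
192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "browser"
192.0.2.10 - - [01/Jan/2025:11:00:01 +0000] "GET /.well-known/acme-challenge/tokenB HTTP/1.1" 200 87 "-" "validation-client"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
PREFIX = "/.well-known/acme-challenge/"

def summarize_challenges(log_text):
    """Per challenge token: source IPs answered with 200, and IPs given another status."""
    summary = defaultdict(lambda: {"served": set(), "not_ok": {}})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]
        if method != "GET" or not path.startswith(PREFIX):
            continue  # only challenge fetches matter here
        token = path[len(PREFIX):]
        bucket = summary[token]
        if status == "200":
            bucket["served"].add(ip)
        else:
            bucket["not_ok"][ip] = int(status)
    return dict(summary)

def filtering_suspects(summary):
    """Flag tokens where a source was refused, or where only one source ever arrived."""
    suspects = {}
    for token, s in summary.items():
        if s["not_ok"]:  # reached the server but blocked (e.g. WAF or geo rule)
            suspects[token] = "not served: " + ", ".join(
                f"{ip} ({code})" for ip, code in sorted(s["not_ok"].items()))
        elif len(s["served"]) < 2:  # others may have been dropped upstream
            suspects[token] = "only one source reached the server"
    return suspects
```

Requests dropped by a network firewall never appear in the web server log, so a token fetched by only one source is a hint to check the firewall rather than proof of blocking.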