My server is often attacked by bots hosted on Amazon servers, so I configured iptables to block the largest IP ranges from Amazon.

My problem is that Let's Encrypt also uses Amazon servers to issue new SSL certificates, so it doesn't work on my server because of my IP filter.

How can I allow Let's Encrypt to issue certificates (by allowing URLs like domain.ext/.well-known/****) but block all other connections from Amazon servers?

On this server, I use iptables, mod_security, and fail2ban. iptables can't filter on URL, so I think I must create custom rules in mod_security and/or fail2ban?

Thanks, Fab

0 Answers