It blocks unsophisticated resource waste mostly, as other commenters have said, just like changing an SSH port would.
> Either way, letsencrypt will probably have a somewhat fixed pool of these challenge validation IP addresses/ranges, so adding those to a white list should probably work with a strict firewall.
They won't publish the ranges as far as I've read.
> Either way, letsencrypt will probably have a somewhat fixed pool of these challenge validation IP addresses/ranges, so adding those to a white list should probably work with a strict firewall.
They won't publish the ranges as far as I've read.