no. I will call it what it is and shame anyone who uses weasel words to excuse the butchery of entire groups of people.

fuck anyone to hell if they choose to do otherwise.

agreed. you are using DNS-01 challenges. so the workflow is…

your local certbot machine initiates an https connection to the letsencrypt servers to start the DNS-01 challenge. during this HTTPS dialog, your local certbot is informed of the key material to insert into your DNS records. your local certbot then modifies your netcup DNS server (hosted remotely, not on your local network) with the keying material and the letsencrypt servers verify that the keys are actually there, proving that you control the domain. the letsencrypt serves then issue you the certificate (again, via HTTPS) and your local certbot stores it in your local host.

the issue is most likely stems from the initial HTTPS connection that certbot tries to make to the let’s encrypt servers. while your firewall allows this traffic out, it does not allow return traffic back in because of your explicit blocking of US (and perhaps other) based addresses.

even through your are using DNS for your domain autentocation, your local host - the machine running certbot - is unable to initiate the certificate transfer because of the firewall blocking return traffic.

the two external networks (and, therefore IP ranges/subnets/etc) that are important here are the let’s encrypt servers and the netcup DNS servers. certbot will have to talk to both of these in order to function.

not sure what you mean by external DNS

not hosting your own DNS server. specifically it sounds like your DNS server is hosted on your domain provider, not your own local network. you have set up certbot to automatically configure your remotely hosted DNS server for the DNS based renewal.

if DNS based recert was working before then it should be working now.

as I said in my edit, you are likely blocking the return https traffic from the US based let’s encrypt acme servers - so your initial diagnostic is correct. your local firewall is likely stopping the acme servers from talking back to your local host.

you are right back where you started, asking for info in how to allow-list the acme IP ranges. but at least we may now know why it is not working and you are seeing an https timeout even though you are using DNS based certificate renewals.

edit: typos

The DNS server/root isn’t in my home network

are you using external DNS hosting? is it in a (now) blocked country? if so, then your local certbot is unable to update the DNS server records (return traffic from your DNS host is being blocked by your iptables/nftables config).

error: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)

yeah, that would suggest an https renewal method. had you previously configured web server renewal at all before switching over to DNS? any other suspicious notifications in the logs?

edit: in thinking about this a little more… the renewal has to be initiated by your host, and that is likely done via https (you talk https to the acme server and tell it you want a renewal by DNS). so, if you are blocking the acme servers then the same issue applies - no return traffic.

yeah, I’ll take them (whatever the hell they are) over ice/cbp any fucking day.

“now go forth and make the world a better place!”

the us auto market is seriously cooked. just on the economics alone, every repubiican should be up against the wall right now.

true multi-polar, here we come.

well, that puts a fine point on things now, doesn’t it kids…

was looking at phone options recently and, honestly, fairphone has become the only choice as a daily driver. I am now absolutely fine with the limited fairphone specs as a trade-off for a device I control as my own.

will keep older phones for any corp BS that I am forced to deal with. hopefully we can legislatively minimize the interactions.

“It is quick, but it’s high octane gasoline, and so a lot of them got burnt and it was an explosion.”

ummm… octane rating is measure of fuel stabilization, typically to prevent pre-detonation and other issues in highly tuned engines. as a measure of energy density higher octane fuel actually provides fewer BTUs than lower octane fuel.

when correctly paired with an appropriately tuned engine, higher octane fuel allows for more efficient file combustion and, by extension, less engine damage and potentially more overall power.

that quote makes it sound like higher octane = more burn damage. am I missing something here regarding high octane fuel burning on human skin?

I suppose the Woke DEI Communist Nazi Department of Environmental Resources Management and their ongoing installation of pumps to control the EVER WORSENING FLOODING is next into the woodchipper?

the stupid hurts. please make the stupid stop hurting so much.

damn stars littering everywhere.

after 2024 I finally accepted that the majority of voters around me will accept almost anything as long as their “comfy” little suburban lives are maintained for them by their overlords.

depressing as fuck.

the policy fell off.

a somewhat rare meme win here. congrats.

…and this is why massive concentrations of wealth must be outlawed - the sociopaths think they own the planet.

was referring to bernie’s use of the AI issue. I know nothing about yudkowsky. an interesting research or just ignore?

yup. agreed on your timeline.

I think its more about “meet the people where they are at”. “AI” is in the zeitgeist and is useful as a focal point for the fact that its a really small club and you ain’t in it.

helium

hydrogen. its currently fusing hydrogen to helium, but because its a fairly average size star, it will be unable to then fuse the helium into later fuels (carbon, neon, oxygen, silicon). so it expands, sheds off its outer layers and becomes a white dwarf, cooling down until its at ambient temperature as a black dwarf.

Edit: so a sun sized star can use helium as a secondary fuel, fusing it down to carbon after a helium flashover (but thats not where our star is at right now). the resulting white dwarf will be a combination of helium, carbon, oxygen and trace amounts of other elements.

bullshit.

next they are going to claim that “hostilities” only count during the time that munitions are exploding and physically dismembering children in Iranian schools.

edit: formatting