cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
Highlighted
New

GoDaddy SSL Validation server IP address list

Can anyone share a list of GoDaddy SSL Validation server IP addresses.

 

I've asked their technical support department but they don't seem to know.

 

This was the list 2 years ago (below) but it looks like the endpoint IP's are all different now.

 

Can anyone help please? Thanks.

 

Service

DNS Hostnames

Destination IPs

Port

CRL

crl.godaddy.com
certificates.godaddy.com
crl.starfieldtech.com
certificates.starfieldtech.com

72.167.18.237
72.167.18.238
72.167.239.237
72.167.239.238
188.121.36.237
188.121.36.238
182.50.136.237
182.50.136.238
50.63.243.228
50.63.243.229

tcp/80

OCSP

ocsp.godaddy.com
ocsp.starfieldtech.com

72.167.18.239
72.167.239.239
188.121.36.239
182.50.136.239
50.63.243.230

tcp/80

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Resolver III
Solution

Re: GoDaddy SSL Validation server IP address list

Hi,

 

Firstly, I'm not at all sure it's a good idea to use IP addresses instead of domain names. CRLs as well as OCSP responses are digitally signed and the content ensures freshness.

 

Nevertheless, you may find these links useful:

https://dnschecker.org/#A/crl.godaddy.com

https://dnschecker.org/#A/certificates.godaddy.com

https://dnschecker.org/#A/crl.starfieldtech.com

https://dnschecker.org/#A/certificates.starfieldtech.com

 

https://dnschecker.org/#A/ocsp.godaddy.com

https://dnschecker.org/#A/ocsp.starfieldtech.com

 

No IPv6 as far as I can see.

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net

 

View solution in original post

4 REPLIES 4
Highlighted
Resolver III
Solution

Re: GoDaddy SSL Validation server IP address list

Hi,

 

Firstly, I'm not at all sure it's a good idea to use IP addresses instead of domain names. CRLs as well as OCSP responses are digitally signed and the content ensures freshness.

 

Nevertheless, you may find these links useful:

https://dnschecker.org/#A/crl.godaddy.com

https://dnschecker.org/#A/certificates.godaddy.com

https://dnschecker.org/#A/crl.starfieldtech.com

https://dnschecker.org/#A/certificates.starfieldtech.com

 

https://dnschecker.org/#A/ocsp.godaddy.com

https://dnschecker.org/#A/ocsp.starfieldtech.com

 

No IPv6 as far as I can see.

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net

 

View solution in original post

Highlighted
New

Re: GoDaddy SSL Validation server IP address list

Hi Dan, many thanks that pretty much confirms what we have discovered so far.

Highlighted

Re: GoDaddy SSL Validation server IP address list

This may be a strange question, but, why does godaddy use port 80 for this type of traffic?

 

I work for a company where we need to open FW rules and am being asked why this traffic is not encrypted. Any help in explaining this would be appreciated. 

Highlighted
Resolver III

Re: GoDaddy SSL Validation server IP address list

Hi,

 

[I misunderstood the question and thought it's about validating certificate requests. As I chipped in to that one as well, I will keep this here 🙂 ]

 

The use of port 80 instead of 443 has been discussed as part of the standardization of the ACME protocol - which is a protocol for automatic certificate management (https://tools.ietf.org/html/rfc8555). So a simple answer is - that's what relevant standard says.

 

There is some reasoning behind it that takes into account how HTTPS / 443 is handled by some internet service providers. The bottom line is that it is possible for someone else to validate certificate requests for your domain.

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net