On Wednesday February 19th, 2020 we’ll turn on stricter validation requirements in production. We’ll make multiple validation requests from different network perspectives.

Most issuance should continue as normal; we believe that a small number of domain names may need fixing. The most common issue will be hosts that use extremely strict firewall rules to allow validation from only specified IP addresses.

Previously only one validation request from one of our primary datacentres was required. After Feb 19th we will make four total validation requests (1 from a primary datacentre, and 3 from remote datacentres). The primary request and at least 2 of the 3 remote requests must receive the correct challenge response value for the domain to be considered authorized.
In the future we will continue to evaluate adding more network perspectives and may change the number and required threshold.