405 Method not Allowed - DOSarrest Internet Security

Using ACME v.2, I am getting “405 Method not Allowed - DOSarrest Internet Security” from the Let’s Encrypt server. What is this? I can not get the wildcard sertificate.

I am using the following command and getting the above mentioned respond:

./acme.sh —issue —dns —force -d *.paintinggallery.pro -d paintinggallery.pro

@jsha Is this an LE sided problem??

Yes, this is the respond from their server.

Do you get the same error with v1? Can you provide the full output from that command?

There is no problem with Acme v/1 since it is embeded into the ISP Lite 5 control panel, and I am not using any comand in Acme v/1 directly.

Here is the full log for you, mr. boss.

out.txt (35.9 KB)

PS I deleted acme v/2 and is using the sslforfree service instead because it is working ok.

That is odd! I’m not sure why you would be getting an error from DOSarrest, since it’s not a product we use. Do you use DOSarrest? Are you running this command from a personal PC or on a server?

Most probably this is my internet provider. I am using home server.

I checked my Internet provider. They responded that they are not using DOSarrest. Are you sure regarding your server plugins or hoster restrictions?

Could you show me what the output of the following is?

openssl s_client -connect acme-v02.api.letsencrypt.org:443 -servername acme-v02.api.letsencrypt.org -showcerts 2>/dev/null | openssl x509 -noout -subject -issuer -serial -hash

Unless the output of acme.sh is extremely misleading, it looks like there is an interception proxy sitting somewhere between you and acme-v02.

image_2018-03-21_14-40-19

I am in correspondence with the DOSarrest Support support@dosarrest.com to clearify this issue.

I’m not going to transcribe that entire serial number, but that does look like the correct certificate.

https://crt.sh/?id=356427568

Key word “look”: an MITM fake CA is perfectly capable of imitating a real certificate’s CN, serial number, and issuer details, though I don’t think they typically bother?

Apparently the hash is over the subject name, whoops, should have used the modulus :frowning: .

Really odd.

Dosarrest support responded:

“The log file you have provided was from March 16th. I have gone through
the logs and found that this IP did access an IP under our service
related to domain registration. It is like that part of the process
encountered a domain that had expired and was registered though that
clients service. I do not see any blocking action related to this
request since the events on the 16th reaching our service.”

My ip 88.200.167.9 is also banned on their contacts page: https://www.dosarrest.com/contact-sales/
And I do not know why. I am trying to get the answer from their support.

UPD:
“Currently this page does not allow IPs from Russia. The block is a Geo-IP based block, not a specific ACL block. Please feel free to forward any questions through support@dosarrest.com as we will be able to work with you on any network related issues faster though this contact.”

Can DOSarrest tell you what domain or URL was being accessed?

Perhaps one of the acme.sh DNS plugins, or a second instance of acme.sh doing something entirely different, ran at the same time, and made requests to some other service? And this isn’t about https://acme-v02.api.letsencrypt.org/ at all?

I don’t think any of acme.sh’s main DNS plugin API endpoints use DOSarrest, but I could be wrong, and I didn’t check the Lexicon plugins, and it could be something custom.

(Edit: Spelling issue.)

Your reply was forwarded to the DOSarrest support.

…Did you quote the part where I capitalized their name wrong? :zipper_mouth_face:

I think they will understand because I am telling the whole story to them providing the screenshot and the url to this page.