Acme-v02.api.letsencrypt.org no route to host

What could be wrong with the router settings that causes requests to be lost?

 sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
 1  _gateway (172.17.0.1)  0.239 ms  0.315 ms  0.373 ms
 2  _gateway (172.17.0.1)  2996.622 ms !H  2996.608 ms !H  2996.622 ms !H

We have a router with minimal settings and it is not clear what could be blocking.

The router's internal network is 172.17.0.0...

172.17.0.1 -- it's a router

At the same time, everything works in the neighboring building. The router settings are similar.

sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
 1  _gateway (172.17.0.1)  6.126 ms  6.177 ms  6.271 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  cloudflare-msk-gw.transtelecom.net (188.43.3.65)  26.715 ms  21.469 ms  23.277 ms
 7  172.65.32.248 (172.65.32.248)  18.643 ms  18.670 ms  18.790 ms

Hello @nazbav, welcome to the Let's Encrypt community. :slightly_smiling_face:

Please see your router's manual and the community forum for the router.
This is not really a Let's Encrypt issue.

2 Likes

Probably similar problem as here

5 Likes

Can you print out the router's route table?

4 Likes

Might not entirely be the case, as in this thread here the traceroute actually ends up at the router at 172.17.0.1. In the post you've linked the issue seems to be at the host itself, while in this case that doesn't seem to be the case.

It's also a little bit strange that the same traceroute and same router (172.17.0.1) from the other building is just fine.

That said, as it is the router at 172.17.0.1 that is sending the "!H" errors ("host unreachable"), it is also the router where the debugging should be continued.

4 Likes

Thank you for the hint. The system administrator, instead of setting redirection only for local addresses 172.17.*.*, set it for 172.*.*.*.

3 Likes
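
As an added illustration (not code from the thread), this Python sketch audits the address scope of a redirect rule like the one in the fix above: a rule meant for local 172.17 addresses versus one matching everything that starts with 172. The trailing-wildcard-to-prefix mapping and the function names are assumptions; the two test addresses are the gateway and the ACME endpoint from the traceroute output.

```python
import ipaddress

# RFC 1918 private ranges; a "local only" rule should sit inside one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def wildcard_to_network(pattern):
    """Convert a trailing-wildcard pattern such as '172.17.*.*' to a CIDR network."""
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    fixed = 0
    while fixed < 4 and octets[fixed] != "*":
        fixed += 1
    if any(o != "*" for o in octets[fixed:]):
        raise ValueError(f"wildcards must be trailing: {pattern!r}")
    base = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
    return ipaddress.ip_network(f"{base}/{8 * fixed}")


def audit_rule(pattern, destinations):
    """Report whether a rule stays inside private space and what it captures."""
    net = wildcard_to_network(pattern)
    local_only = any(net.subnet_of(private) for private in RFC1918)
    captured = [d for d in destinations if ipaddress.ip_address(d) in net]
    return {"network": str(net), "local_only": local_only, "captured": captured}


# Addresses taken from the traceroute output in the thread.
DESTINATIONS = ["172.17.0.1", "172.65.32.248"]

if __name__ == "__main__":
    for rule in ("172.17.*.*", "172.*.*.*"):
        result = audit_rule(rule, DESTINATIONS)
        status = "ok" if result["local_only"] else "OVERBROAD: covers public space"
        print(f"{rule:12} -> {result['network']:15} {status}")
        print(f"{'':12}    captures: {', '.join(result['captured'])}")
```

Only 172.16.0.0/12 of the 172 block is private, so a rule covering all of 172.0.0.0/8 also captures public addresses such as 172.65.32.248, which matches the "!H" replies coming from the router itself.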
