Acme-v02.api.letsencrypt.org timeout

rcasunshare · April 14, 2024, 2:17pm

Hello, I am having problems renewing and obtaining new certificates. all the time I get time out because it doesn't respond acme-v02.api.letsencrypt.org

root@edge04:~# mtr -r acme-v02.api.letsencrypt.org
Start: 2024-04-14T10:13:07-0400
HOST: edge04.radiohdvivo.com Loss% Snt Last Avg Best Wrst StDev
1.|-- 104.223.83.81.static.quad 90.0% 10 84.1 84.1 84.1 84.1 0.0
2.|-- unassigned.quadranet.com 0.0% 10 0.2 0.3 0.2 0.4 0.0
3.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
4.|-- cloudflare-ic-363850.ip.t 0.0% 10 1.4 2.1 1.1 9.5 2.6
5.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
root@edge04:~#

linkp · April 14, 2024, 3:01pm

MikeMcQ · April 14, 2024, 3:05pm

As linkp showed connections to your domain are also failing (http port 80).

Can you make outbound requests to anything? What does this do?

curl -I https://google.com

rcasunshare · April 14, 2024, 8:49pm

root@edge04:~# curl -I https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-B_vPkDrOlYDj6jd-oHOhTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Sun, 14 Apr 2024 20:48:59 GMT
expires: Tue, 14 May 2024 20:48:59 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

root@edge04:~#

MikeMcQ · April 14, 2024, 9:21pm

Hmm. I thought the curl to google would likely fail.

What do these two show

curl https://www.cloudflare.com/cdn-cgi/trace
sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org

As for inbound HTTP to your domain, are you expecting those to fail?

rcasunshare · April 14, 2024, 10:07pm

The provider solved the problem, it told me that there was a DDoS attack in the /24 range

root@edge04:~# curl https://www.cloudflare.com/cdn-cgi/trace
fl=103f8
h=www.cloudflare.com
ip=104.223.83.82
ts=1713132362.208
visit_scheme=https
uag=curl/7.88.1
colo=TPA
sliver=none
http=http/2
loc=US
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519
root@edge04:~# traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 * * *
2 unassigned.quadranet.com (173.44.32.253) 0.194 ms 0.180 ms 0.167 ms
3 * * mai-b2-link.ip.twelve99.net (62.115.45.181) 0.792 ms
4 cloudflare-ic-363850.ip.twelve99-cust.net (62.115.167.113) 1.000 ms 0.988 ms 0.971 ms
5 108.162.211.232 (108.162.211.232) 1.991 ms 108.162.211.12 (108.162.211.12) 5.850 ms 108.162.211.232 (108.162.211.232) 2.045 ms
6 172.65.32.248 (172.65.32.248) 0.672 ms 0.350 ms 1.828 ms
root@edge04:~#

MikeMcQ · April 14, 2024, 10:18pm

Ok. Good. Thanks for letting us know.