My domain is: hemphealth.cc
I ran this command:
sudo certbot --nginx -d hemphealth.cc -d www.hemphealth.cc
It produced this output:
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org ', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')")))
My web server is (include version):
NGINX 1.18.0
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
OVH US
I can login to a root shell on my machine:
Yes
I'm using a control panel to manage my site:
No
The version of my client is:
certbot 0.40.0
I am going to assume that this is just a DDOS mitigation issue given that OVH tends to have a lot of blocked IP's. How can I proceed?
2 Likes
Osiris
August 14, 2021, 8:26pm
2
_netwolf:
How can I proceed?
We probably need the help of @lestaff to check if your IP address is blocked indeed.
3 Likes
Yup; it looks like the "temporary" blocking described in this thread:
3 Likes
Awesome, thank you for your help.
3 Likes
rg305
August 14, 2021, 8:28pm
5
Try:curl -v https://acme-v02.api.letsencrypt.org/directorycurl -I https://acme-v02.api.letsencrypt.org/directory
2 Likes
I went ahead and ran the command, this is the output:
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443
I am assuming it's a blocked ip, just a waiting game atm, thank you all for your help
3 Likes
Osiris
August 14, 2021, 8:32pm
7
Which is to be expected if requests also couldn't connect. Let's wait until the LE staff has decided if the IP is blocked or not. @_netwolf You might be asked to PM the IP address involved.
4 Likes
rg305
August 14, 2021, 8:34pm
8
It seems that way.curl is working with another test:curl -I https://google.com/
Then we can be even more sure - LOL
3 Likes
One can never be too sure, might just ping google to verify.
3 Likes
Yes, we had blocked this IP address as part of mitigating a DDoS attack. It's unblocked now. If you've had this IP address for more than a couple of months, then it's likely that your system is compromised and you'll need to thoroughly investigate.
6 Likes
Yep, the service was started 8-14-2021 at 1200 CST. OVH is notoriously bad with responding to tickets, thank you for helping me out.
5 Likes
system
September 14, 2021, 7:40am
12
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
