As you can see in this traceroute log, I cannot reach acme-v02.api.letsencrypt.org. Is Cloudflare blocking me? What can I do?
traceroute acme-v02.api.letsencrypt.org 2
traceroute to ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248), 64 hops max, 42 byte packets
1 192.168.0.1 (192.168.0.1) 0.826 ms 0.987 ms 3.097 ms
2 10.36.192.1 (10.36.192.1) 18.363 ms 12.764 ms 8.192 ms
3 185.252.245.213.rev.sfr.net (213.245.252.185) 12.096 ms 7.078 ms 8.178 ms
4 253.237.154.77.rev.sfr.net (77.154.237.253) 13.729 ms 1.238.154.77.rev.sfr.net (77.154.238.1) 8.066 ms 253.237.154.77.rev.sfr.net (77.154.237.253) 13.122 ms
5 129.10.136.77.rev.sfr.net (77.136.10.129) 22.778 ms 21.042 ms 25.949 ms
6 129.10.136.77.rev.sfr.net (77.136.10.129) 21.701 ms 20.975 ms 32.161 ms
7 equinix-paris.cloudflare.com (195.42.144.143) 21.326 ms 22.789 ms 22.199 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
My domain is: slaanesh.org
I ran this command: doas acme-client -v slaanesh.org
It produced this output:
doas (killruana@harvest.slaanesh.org) password:
acme-client: /etc/ssl/slaanesh.org.fullchain.pem: certificate renewable: 26 days left
acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
acme-client: 172.65.32.248: connect: Operation timed out
acme-client: https://acme-v02.api.letsencrypt.org/directory: bad comm
acme-client: bad exit: netproc(86263): 1
My web server is (include version): nginx 1.18.0
The operating system my web server runs on is (include version): OpenBSD 6.9
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): "6.9"
When using traceroutes without any other options, I too am getting those timeouts from a certain hop. However, if I run the traceroute using TCP packets with port 443 as destination, I'm getting a perfectly fine traceroute:
osiris@erazer ~ $ sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 4.244 ms 4.226 ms 4.222 ms
2 xxx.xs4all.net (x.x.x.x) 13.488 ms 13.483 ms 13.478 ms
3 xxx.xs4all.net (x.x.x.x) 15.814 ms 15.810 ms xxx.xs4all.net (x.x.x.x) 15.807 ms
4 0.et-1-1-0.xr1.sara.xs4all.net (194.109.5.1) 15.803 ms 0.et-1-1-0.xr1.tc2.xs4all.net (194.109.5.7) 17.188 ms 0.et-7-1-0.xr1.sara.xs4all.net (194.109.5.3) 17.184 ms
5 ams-ix.as13335.net (80.249.211.140) 20.330 ms 28.057 ms 21.453 ms
6 172.65.32.248 (172.65.32.248) 20.314 ms 12.885 ms 14.616 ms
osiris@erazer ~ $
I suggest you try that traceroute too, which might be more insightful.
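An added example, not code from either post: a check that exercises the same path acme-client uses (DNS, then a TCP connect to port 443, then a TLS handshake) and reports which stage fails, since silent hops in a default traceroute say nothing about TCP 443. The function name `probe`, its stage labels, and the timeout values are assumptions made for illustration.

```python
import socket
import ssl

def probe(host, port=443, timeout=5.0, tls=True):
    """Return (stage, detail) for the first stage that fails, or ("ok", detail)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    result = ("connect-error", "no usable address")
    for family, socktype, proto, _canon, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except socket.timeout:
            # SYNs went unanswered: the condition acme-client reported as
            # "connect: Operation timed out".
            result = ("connect-timeout", addr[0])
            sock.close()
            continue
        except OSError as exc:
            # e.g. connection refused or no route to host
            result = ("connect-error", f"{addr[0]}: {exc.strerror}")
            sock.close()
            continue
        if not tls:
            sock.close()
            return ("ok", addr[0])
        try:
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                return ("ok", f"{addr[0]} {tls_sock.version()}")
        except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
            result = ("tls", f"{addr[0]}: {exc}")
            sock.close()
    return result

if __name__ == "__main__":
    # Hostname taken from the thread; needs network access to be meaningful.
    print(probe("acme-v02.api.letsencrypt.org"))
```

A `connect-timeout` result while DNS resolves points at packets being dropped between the host and the endpoint (local pf rules, the ISP, or the remote edge), whereas `connect-error` means something actively answered with a reset or an ICMP error.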