I have a suspicion that this is DPI working on one of the backbone providers.
curl -v https://acme-v02.api.letsencrypt.org
* Host acme-v02.api.letsencrypt.org:443 was resolved.
* IPv6: (none)
* IPv4: 172.65.32.248
* Trying 172.65.32.248:443...
* connect to 172.65.32.248 port 443 from 192.168.151.231 port 55402 failed: Connection timed out
* Failed to connect to acme-v02.api.letsencrypt.org port 443 after 134661 ms: Could not connect to server
* closing connection #0
curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443 after 134661 ms: Could not connect to server
curl -v https://acme-v02.api.letsencrypt.org/directory
* Host acme-v02.api.letsencrypt.org:443 was resolved.
* IPv6: (none)
* IPv4: 172.65.32.248
* Trying 172.65.32.248:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=acme-v02.api.letsencrypt.org
* start date: May 30 22:59:32 2026 GMT
* expire date: Aug 28 22:59:31 2026 GMT
* subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=YE2
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 3: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://acme-v02.api.letsencrypt.org/directory
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: acme-v02.api.letsencrypt.org]
* [HTTP/2] [1] [:path: /directory]
* [HTTP/2] [1] [user-agent: curl/8.14.1]
* [HTTP/2] [1] [accept: */*]
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/8.14.1
> Accept: */*
>
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 200
< server: nginx
< date: Tue, 09 Jun 2026 14:10:38 GMT
< content-type: application/json
< content-length: 1031
< cache-control: public, max-age=0, no-cache
< x-frame-options: DENY
< strict-transport-security: max-age=604800
<
{
"bZpJgMIfOu4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived",
"tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.7-June-04-2026.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v02.api.letsencrypt.org left intact
curl -v https://valid.x1.test-certs.letsencrypt.org/
* Host valid.x1.test-certs.letsencrypt.org:443 was resolved.
* IPv6: (none)
* IPv4: 52.24.183.97, 52.34.89.55, 54.189.78.235
* Trying 52.24.183.97:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519MLKEM768 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject:
* start date: Jun 8 14:50:51 2026 GMT
* expire date: Jun 15 06:50:50 2026 GMT
* subjectAltName: host "valid.x1.test-certs.letsencrypt.org" matched cert's "valid.x1.test-certs.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=YR1
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 3: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to valid.x1.test-certs.letsencrypt.org (52.24.183.97) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://valid.x1.test-certs.letsencrypt.org/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: valid.x1.test-certs.letsencrypt.org]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.14.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: valid.x1.test-certs.letsencrypt.org
> User-Agent: curl/8.14.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/2 200
< content-type: text/plain; charset=utf-8
< content-length: 1938
< date: Tue, 09 Jun 2026 14:12:02 GMT
<
# valid.x1.test-certs.letsencrypt.org
## Test Web Page
This test website, valid.x1.test-certs.letsencrypt.org, is intended for
testing compatibility with Let's Encrypt certificates.
It is using a certificate issued by ISRG Root X1.
The certificate is valid.
## More Information
Find out more about Let's Encrypt at our homepage, https://letsencrypt.org/.
Other test websites and information about our certificate hierarchies is
available on our Chains of Trust documentation page:
https://letsencrypt.org/certificates/ ##
##
## ##
## ##
######
##########
#### ### ### ####
### ###
### ### ##################
### ### ## ##################
### ##### ####### ##### ####### #######
### ### ### ### ### ######## ########
### ######### ### ##### ######## ########
### ### ### ### ##################
######### ####### ### ##### ##################
#########
### ###
### ### #### ##### ### ## ### ### ######## #######
######### #### ### ### #### ### ### ### ### ###
### ### ### ### ### ### ### ### ### ###
### ### ### ### ### ##### ### ### ###
######### ### ### ##### ### ### ####### ###
### ###
#### ###
* Connection #0 to host valid.x1.test-certs.letsencrypt.org left intact
curl -v https://acme-v02.api.letsencrypt.org/acme/renewal-info/Hy81vkYUgs1Asa55LFV4-vfUaPs.Bn-YENv9T4bV5FfcfT9XGXsO
* Host acme-v02.api.letsencrypt.org:443 was resolved.
* IPv6: (none)
* IPv4: 172.65.32.248
* Trying 172.65.32.248:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=acme-v02.api.letsencrypt.org
* start date: May 30 18:17:58 2026 GMT
* expire date: Aug 28 18:17:57 2026 GMT
* subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=YE1
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 3: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://acme-v02.api.letsencrypt.org/acme/renewal-info/Hy81vkYUgs1Asa55LFV4-vfUaPs.Bn-YENv9T4bV5FfcfT9XGXsO
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: acme-v02.api.letsencrypt.org]
* [HTTP/2] [1] [:path: /acme/renewal-info/Hy81vkYUgs1Asa55LFV4-vfUaPs.Bn-YENv9T4bV5FfcfT9XGXsO]
* [HTTP/2] [1] [user-agent: curl/8.14.1]
* [HTTP/2] [1] [accept: */*]
> GET /acme/renewal-info/Hy81vkYUgs1Asa55LFV4-vfUaPs.Bn-YENv9T4bV5FfcfT9XGXsO HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/8.14.1
> Accept: */*
>
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 200
< server: nginx
< date: Tue, 09 Jun 2026 14:13:10 GMT
< content-type: application/json
< content-length: 101
< cache-control: public, max-age=0, no-cache
< link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
< retry-after: 24739
< x-frame-options: DENY
< strict-transport-security: max-age=604800
<
{
"suggestedWindow": {
"start": "2026-06-11T21:44:41Z",
"end": "2026-06-12T00:55:30Z"
}
* Connection #0 to host acme-v02.api.letsencrypt.org left intact