Can’t connect to acme-v02.api.letsencrypt.org

root@Wer# curl -v https://acme-v02.api.letsencrypt.org
*   Trying 172.65.32.248:443...
* TCP_NODELAY set
*   Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to acme-v02.api.letsencrypt.org:443 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to acme-v02.api.letsencrypt.org:443 

Please can you check if this IP is blocked and unlock it if needed:

8.142.119.91

Thanks a lot.

2 Likes

We're not blocking this IP address.

5 Likes

Looks like IPv6 is not usable:

IPv4 seems to be blocked:

Is there a firewall or IPS inline [that might be blocking]?

4 Likes

I dunno Rudy but I can traceroute to the ip.
Alibaba.com Singapore E-Commerce Private Limited
And I get a 404 when browsing to the site:
Screenshot_2022-08-12_15-59-51
Just my observation.
(disable IPV6?)

4 Likes

Outbound rules don't always equal inbound rules.

You can see me... why can't I see you?

5 Likes

OK so well... we don't have OS or firewall type. So how can we analyze outbound rules?
OP seems to have omitted a bunch of information in the initial questionnaire for the help category.
SORTA LIKE all info!
More info needed (maybe not by @rg305 or @Osiris) but I would like to see more info.

4 Likes

"Technically", the post was answered/solved with the first reply.
We are just going that extra mile [and a half]!

4 Likes

Gee. Thanks. But there is still not a website to view. Maybe OP @jonahzheng will update us when he has a resolution. Loose threads YIKES!

4 Likes

Thank you, everyone.
@Rip now it is accessible.

3 Likes

root@iot-91:~# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
An unexpected error occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
socket.timeout: _ssl.c:1114: The handshake operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 400, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python3.8/dist-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 379, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=conn.timeout)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 330, in _raise_timeout
raise ReadTimeoutError(
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

2 Likes

root@iot-91:~# traceroute -n -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 10.247.219.70 1.045 ms 1.066 ms 10.247.218.70 1.222 ms
2 * 11.73.15.181 1.308 ms 11.73.16.37 2.634 ms
3 11.95.19.105 1.732 ms 11.93.198.230 3.577 ms 11.54.243.77 1.677 ms
4 10.102.35.85 1.235 ms 103.52.84.202 1.420 ms 10.102.35.133 1.241 ms
5 116.251.94.154 5.904 ms 10.54.254.221 6.405 ms 116.251.125.242 6.203 ms
6 10.102.34.185 5.249 ms * 10.102.154.242 6.552 ms
7 106.38.196.229 6.183 ms 106.38.196.225 9.985 ms 106.38.196.29 20.028 ms
8 36.110.246.177 7.386 ms 36.110.247.61 9.136 ms 36.110.247.49 7.429 ms
9 202.97.94.186 22.404 ms 202.97.34.78 8.164 ms 202.97.34.74 7.705 ms
10 * 202.97.14.242 8.583 ms *
11 202.97.43.110 154.007 ms 160.922 ms 152.990 ms
12 218.30.53.214 254.082 ms 252.986 ms 305.412 ms
13 172.68.188.22 250.225 ms 162.158.164.4 256.782 ms 172.69.132.4 292.459 ms
14 * 172.65.32.248 248.118 ms 248.305 ms

2 Likes

I will feed back to my service provider.

2 Likes

@JamesLE @JamesLE @Rip
I have two servers in the same area;
one can access letsencrypt, the other cannot.
66666

2 Likes
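
The checks spread across this thread (curl connecting over TCP and then being reset after the Client hello, certbot timing out inside the handshake, the TCP traceroute to port 443 completing) can be run as one staged probe that names the first step that fails. This is an added example, not part of the original thread; `probe_tls`, `HINTS` and the hint wording are this example's own assumptions.

```python
import socket
import ssl

# Stage -> what it points to. The wording is this example's, not Let's Encrypt's.
HINTS = {
    "dns_failed": "name did not resolve; check the resolver",
    "tcp_failed": "no TCP connection; check routing and outbound port 443",
    "tls_reset": "TCP connected but the handshake was cut off (RST or EOF); "
                 "suspect a firewall or IPS on the path",
    "tls_timeout": "TCP connected but no handshake reply arrived; "
                   "suspect filtering or packet loss on the path",
    "tls_error": "the handshake failed locally or at the peer; read the detail",
    "tls_ok": "handshake completed",
}


def probe_tls(host, port=443, timeout=10.0, family=socket.AF_INET):
    """Return (stage, detail) naming the first step that failed."""
    try:
        addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return "dns_failed", str(exc)
    try:
        sock = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:  # refused, unreachable, or connect timeout
        return "tcp_failed", f"{addr[0]}: {exc}"
    ctx = ssl.create_default_context()
    try:
        # wrap_socket sends the Client Hello and waits for the server's reply
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls_ok", f"{addr[0]}: {tls.version()}"
    except (ConnectionResetError, ssl.SSLEOFError) as exc:  # the curl (35) case
        return "tls_reset", f"{addr[0]}: {exc}"
    except socket.timeout as exc:  # the certbot handshake timeout case
        return "tls_timeout", f"{addr[0]}: {exc}"
    except (ssl.SSLError, OSError) as exc:
        return "tls_error", f"{addr[0]}: {exc}"
    finally:
        sock.close()


if __name__ == "__main__":
    for fam, label in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        stage, detail = probe_tls("acme-v02.api.letsencrypt.org", family=fam)
        print(f"{label}: {stage} ({detail}) -> {HINTS[stage]}")
```

Running it from both servers in the same area shows at which stage the failing one diverges from the working one.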
