Can't access acme-v02.api.letsencrypt.org from ColoCrossing


#1

Hello, my server ip seems blocked by acme-v02.api.letsencrypt.org, my server ip is 192.227.185.209

when ping acme-v02.api.letsencrypt.org from 192.227.185.209, I got response “PING e14990.dscx.akamaiedge.net (23.193.200.139) 56(84) bytes of data.” then wait forever there after.

Please help this, thanks


Customer support
#2

Hi,

PLEASE OPEN A NEW THREAD.
WHY INTERCEPTING OTHER’S ISSUE?
@lestaff can someone please spilt this and previous reply out?

Ping could never determine if your IP is being blocked by let’s encrypt…
Please try to curl let’s encrypt and see the output.

Thank you


#3

Hi. I split this into a new topic.

I’m always uncomfortable coming up with titles for other people’s posts. :worried:

Let’s Encrypt doesn’t block clients that way. I don’t think the CDN does, at least under normal circumstances.

I don’t have trouble using that edge IP from a different ISP in the region. :confused: (My resolver gives me a different PoP, though.)

What does, say, “mtr -brwz acme-v02.api.letsencrypt.org” show?

Are you able to access other things using Akamai’s CDN?


#4

Hi @gamingtips

there is busymart.ca as domain name. Is this your domain? If yes, the staging system of letsencrypt is able to connect your domain:

https://letsdebug.net/busymart.ca/4339?debug=y


#5

Yes, busymart.ca is my domain. I use vesta panel, I ried to get SSL certificate of busymart.ca from letsencrypt but failed.

ping /acme-staging-v02.api.letsencrypt.org from server failedm seems server ip blocked by /acme-staging-v02.api.letsencrypt.org

from https://letsdebug.net/busymart.ca/4339?debug=y , you can see the problem too under “LetsEncryptStaging” section


#6

No, this is not the problem. Let’s debug isn’t able to put a file on your webserver.

Let’s debug checks, if there is a 404 instead of a timeout, connection refused or something else (DNS-error).

Let’s debug creates an order, but isn’t able to change your webserver. That’s good :wink:


#7

Hi,

Ping doesn’t represent anything (since some server, like mine, rejects ping request)

Please try to connect via curl…

curl -I https://acme-v02.api.letsencrypt.org/directory

If this is not working for you… please reply.

Thank you


#8

Just tried curl -I https://acme-v02.api.letsencrypt.org/directory

After waiting for long, got this error message “curl: (7) couldn’t connect to host”

Thanks


#9

emm… That’s wierd…

Could you also check this command?
curl -I -v https://acme-v02.api.letsencrypt.org/directory

Thank you


#10

Same, can’t connect. Is it possible my server ip blocked by your end firewall ?


#11

My server only have IPV4 no IPV6 , will that casue problem?


#12

I don’t think let’s Encrypt is blocking your IP…

That would not cause this issue…

Just to confirm… Could you please try this command?
curl -I -v https://www.whitehouse.gov (whitehouse.gov is using akamai too… So I guess if your IP is being blocked, you might not be able to access Whitehouse.gov either)

Please also try curl -I -4 https://acme-v02.api.letsencrypt.org/directory

Thank you


#13

[root@busymart ~]# curl -I -v https://acme-v02.api.letsencrypt.org/directory

  • About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
  • Trying 23.193.200.139… Connection timed out
  • Trying 2600:141b:13:289::3a8e… Connection timed out
  • Trying 2600:141b:13:29a::3a8e… Connection timed out
  • couldn’t connect to host
  • Closing connection #0
    curl: (7) couldn’t connect to host

#14

tried whitehouse.gov, it is good, can connect and get response

but curl -I -4 https://acme-v02.api.letsencrypt.org/directory failed, can’t connect to


#15

Hi,

In this case, I could suggest to find a let’s encrypt staff to help you(and Ive pinged them)… @lestaff can someone please take a look at his issue?

Thank you


#16

Thanks, really appreciate


#17

Hi @gamingtips,

Could you provide some more debugging information for us to provide Akamai? If you could run the following commands from the affected server and share the output from each it would be very helpful:

curl http://ipv4.whatismyip.akamai.com/ ; echo
curl http://ipv6.whatismyip.akamai.com/ ; echo
dig +short whoami.ipv4.akahelp.net TXT
dig +short whoami.ipv6.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
mtr -c 20 -w -r acme-v02.api.letsencrypt.org

You may need to install a package to get the mtr command (I believe its mtr-tiny on Ubuntu/debian systems)


#18

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.