@JamesLE I post here because I think we have also our public IP blocked when we try re-new certificate. please can you check if this IP is blocked and unlock it if needed:
Pub IP Address: 51.15.121.96
Thanks a lot.
@JamesLE I post here because I think we have also our public IP blocked when we try re-new certificate. please can you check if this IP is blocked and unlock it if needed:
Pub IP Address: 51.15.121.96
Thanks a lot.
Thank you @JamesLE for processing my request, I can renew certificate now, and it work well !
@JamesLE We have a suspicion that our IPs were blocked as well 18.246.31.224/28 and 35.162.54.42,
35.161.3.151, 35.162.23.98 We are getting connection timeouts starting at 7:00 UTC. Is it possible to check?
It actually miraculously recovered. I initially suspected that some of our IPs from 18.246.31.224/28 range were blocked. It was difficult for me to test every one of them using your command above
@JamesLE I post here because I think we have also our public IP blocked when we try re-new certificate. please can you check if this IP is blocked and unlock it if needed:
Pub IP Address: 51.15.121.96
Thanks a lot.
We are seeing a similar problem.
[root@aisa ~]# echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head
write:errno=104
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 254 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
[root@aisa ~]# echo | openssl s_client -connect google.com:443 | head
depth=3 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=*.google.com
i:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
1 s:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
i:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
2 s:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
DONE
Server addresses:
5.8.79.138
5.8.79.140
We were blocking 5.8.79.138 (it's now unblocked), but none of the other new IP addresses in this thread.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.