Can't connect to acme-v02.api.letsencrypt.org

Sivakumar · December 9, 2021, 7:38am

@JamesLE I post here because I think we have also our public IP blocked when we try re-new certificate. please can you check if this IP is blocked and unlock it if needed:

Pub IP Address: 51.15.121.96

Thanks a lot.

micropep · December 9, 2021, 7:45am

Thank you @JamesLE for processing my request, I can renew certificate now, and it work well !

dmitriyblok · December 9, 2021, 7:49pm

@JamesLE We have a suspicion that our IPs were blocked as well 18.246.31.224/28 and 35.162.54.42,
35.161.3.151, 35.162.23.98 We are getting connection timeouts starting at 7:00 UTC. Is it possible to check?

dmitriyblok · December 9, 2021, 9:00pm

It actually miraculously recovered. I initially suspected that some of our IPs from 18.246.31.224/28 range were blocked. It was difficult for me to test every one of them using your command above

Sivakumar · December 10, 2021, 1:16pm

@JamesLE I post here because I think we have also our public IP blocked when we try re-new certificate. please can you check if this IP is blocked and unlock it if needed:

Pub IP Address: 51.15.121.96

Thanks a lot.

Osiris · December 10, 2021, 3:10pm

@Sivakumar Please post the actual error message first, thank you.

otl_aisa · December 14, 2021, 8:34am

We are seeing a similar problem.

[root@aisa ~]# echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head
write:errno=104
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 254 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
[root@aisa ~]# echo | openssl s_client -connect google.com:443 | head
depth=3 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=*.google.com
   i:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
 1 s:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
   i:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
 2 s:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
DONE

Server addresses:
5.8.79.138
5.8.79.140

JamesLE · December 14, 2021, 8:08pm

We were blocking 5.8.79.138 (it's now unblocked), but none of the other new IP addresses in this thread.

rg305 · January 8, 2022, 11:44pm

A post was split to a new topic: Is my IP being blocked?

system · February 7, 2022, 11:45pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.