Can't connect to LE servers

Hello!

I'm trying to get a certificate to use on my local server (that is on my LAN), but every attempt to reach the Let's Encrypt servers results in an error; I can't connect to LE servers at all.

curl -vvv acme-staging-v02.api.letsencrypt.org
* Host acme-staging-v02.api.letsencrypt.org:80 was resolved.
* IPv6: 2606:4700:60:0:f41b:d4fe:4325:6026
* IPv4: 172.65.46.172
*   Trying 172.65.46.172:80...
*   Trying [2606:4700:60:0:f41b:d4fe:4325:6026]:80...
* connect to 2606:4700:60:0:f41b:d4fe:4325:6026 port 80 from fdea:86b6:b97c:4:1ca5:4cea:8326:739b port 49245 failed: Network is unreachable
* connect to 172.65.46.172 port 80 from 10.0.0.123 port 49244 failed: Operation timed out
* Failed to connect to acme-staging-v02.api.letsencrypt.org port 80 after 75016 ms: Couldn't connect to server
* Closing connection
curl: (28) Failed to connect to acme-staging-v02.api.letsencrypt.org port 80 after 75016 ms: Couldn't connect to server

nslookup acme-staging-v02.api.letsencrypt.org
Server:		100.100.100.100
Address:	100.100.100.100#53

Non-authoritative answer:
acme-staging-v02.api.letsencrypt.org	canonical name = staging.api.letsencrypt.org.
staging.api.letsencrypt.org	canonical name = 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com.
Name:	56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com
Address: 172.65.46.172

I'd appreciate any help here!

Encountered the same problem.

First, the Let's Encrypt production endpoint does not support HTTP connections. I didn't think Staging did either, but from my own machine it redirects to HTTPS. So, you should have at least seen that with staging.

Do you get the same failure with production, but using HTTPS?

curl https://acme-v02.api.letsencrypt.org/directory

Also, what do these show?

https://cloudflare.com/cdn-cgi/trace
sudo traceroute -T -p 443 acme-staging-v02.api.letsencrypt.org

I assume you have a suitable traceroute available. You didn't provide answers to the other questions on the form you were shown so I can only guess.

4 Likes

@damian Please start a new thread and answer as many of the questions on the form you will be shown as you can. There are many possible causes of connection failures. And, almost always these are unique to the requesting system.

It is possible there is some kind of LE outage but one is not posted and I don't see any problem from my systems.

Even if it is a problem on the LE side, the debugging options to determine that usually vary from person to person.

4 Likes

Thanks for replying!

Yes! Here is the result!

$ curl https://acme-v02.api.letsencrypt.org/directory
curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443 after 75016 ms: Couldn't connect to server

As for the other two:

fl=358f1
h=cloudflare.com
ip=******
ts=1750730383.815
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:139.0) Gecko/20100101 Firefox/139.0
colo=***
sliver=005-tier3
http=http/2
loc=BR
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519MLKEM768

and about the traceroute command, with the -T it wouldn't run at all, so I removed it...

$ traceroute -p 443 acme-staging-v02.api.letsencrypt.org

traceroute to 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com (172.65.46.172), 64 hops max, 40 byte packets
 1  10.0.0.1 (10.0.0.1)  0.878 ms  0.984 ms  1.148 ms
 2  192.168.1.1 (192.168.1.1)  1.474 ms  1.602 ms  0.992 ms
 3  * * *
 4  bd040d59.virtua.com.br (189.4.13.89)  5.697 ms  5.048 ms  5.044 ms
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
31  * * *
32  * * *
33  * * *
34  * * *
35  * * *
36  * * *
37  * * *
38  * * *
39  * * *
40  * * *
41  * * *
42  * * *
43  * * *
44  * * *
45  * * *

Sorry about that!

  • My domain is: kovalski-cloud.com.br

  • My web server is (include version): caddy v2.10

  • The operating system my web server runs on is (include version): Proxmox (the container with caddy is running Debian 12)

  • I can login to a root shell on my machine (yes or no, or I don't know): yes

  • I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

  • The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I'm not using certbot

1 Like

Sorry, it probably won't change the result, but can you use curl for that?

curl https://cloudflare.com/cdn-cgi/trace

The -T with a Linux traceroute is for a TCP test, which is what we want. Otherwise it might be using UDP instead. Not sure why your system doesn't support that. Perhaps there is another package with a different traceroute?

Still, even with UDP that looks like a routing problem at a backbone network provider. Is virtua.com.br your ISP? Do you have any contacts there to ask about this problem?

2 Likes
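The two replies above do the triage by hand: check each address family with curl, then read the traceroute to see where the path dies. The following helper, added here as an example and not code from the original thread or from Let's Encrypt, automates both steps. It classifies a TCP connect failure the way a practitioner reads the posted curl output (the IPv6 attempt from the ULA source address fdea:… fails instantly with "Network is unreachable", which means the host has no IPv6 route, while the IPv4 attempt "timed out", which means the SYN left the host and nothing came back), and it parses traceroute output to report the last hop that answered and how many silent hops follow it. The live `probe_tcp` function does real network I/O and is only run from the `__main__` block; the sample traceroute text is a shortened copy of the one posted in this thread, embedded so the parser runs offline.

```python
"""Triage helpers for "can't reach the ACME endpoint" reports (added example)."""
import errno
import re
import socket
import sys

# The two endpoints discussed in the thread; both serve the ACME directory on 443.
ACME_HOSTS = ("acme-v02.api.letsencrypt.org", "acme-staging-v02.api.letsencrypt.org")

# errno values meaning "the local stack has no route": connect() fails immediately,
# before any packet is sent, so they do not point at an ISP or backbone problem.
NO_ROUTE_ERRNOS = (errno.ENETUNREACH, errno.EHOSTUNREACH)


def classify_connect_error(exc: OSError) -> str:
    """Map a connect() exception to what it says about the path to the server."""
    if isinstance(exc, TimeoutError) or exc.errno == errno.ETIMEDOUT:
        return "timeout: SYN left the host but nothing came back (filtered or black-holed upstream)"
    if exc.errno in NO_ROUTE_ERRNOS:
        return "no route: local stack has no path for this family (e.g. ULA-only IPv6, no default route)"
    if isinstance(exc, ConnectionRefusedError):
        return "refused: host reachable, port closed (not a routing problem)"
    if isinstance(exc, ConnectionResetError):
        return "reset: something on the path tore the connection down"
    return f"other OSError: {exc}"


def probe_tcp(host: str, port: int = 443, timeout: float = 10.0) -> list[dict]:
    """Attempt a TCP connect to every address `host` resolves to, one result per address.

    Mirrors what `curl -v` does: try IPv6 and IPv4 separately so a dead family is visible.
    """
    results = []
    for family, _type, _proto, _name, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        fam = "IPv6" if family == socket.AF_INET6 else "IPv4"
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            results.append({"family": fam, "addr": sockaddr[0], "ok": True, "reason": "connected"})
        except OSError as exc:
            results.append({"family": fam, "addr": sockaddr[0], "ok": False,
                            "reason": classify_connect_error(exc)})
        finally:
            sock.close()
    return results


# Shortened copy of the traceroute posted in this thread, used as sample input.
SAMPLE_TRACEROUTE = """\
traceroute to 56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com (172.65.46.172), 64 hops max, 40 byte packets
 1  10.0.0.1 (10.0.0.1)  0.878 ms  0.984 ms  1.148 ms
 2  192.168.1.1 (192.168.1.1)  1.474 ms  1.602 ms  0.992 ms
 3  * * *
 4  bd040d59.virtua.com.br (189.4.13.89)  5.697 ms  5.048 ms  5.044 ms
 5  * * *
 6  * * *
 7  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")


def parse_traceroute(text: str) -> dict:
    """Return the last hop that answered and the number of silent hops after it.

    A single '* * *' in the middle (hop 3 above) is just a router that does not
    send ICMP time-exceeded; a long silent tail after a named ISP hop means the
    packets are dropped beyond that hop, and that hop's owner is who to ask.
    """
    last_hop, last_host, silent_after = None, None, 0
    for line in text.splitlines():
        match = HOP_RE.match(line)
        if not match:
            continue  # header line, not a hop
        hop, rest = int(match.group(1)), match.group(2).strip()
        if rest.startswith("*"):
            if last_hop is not None:
                silent_after += 1
            continue
        last_hop, last_host, silent_after = hop, rest.split()[0], 0
    return {"last_responding_hop": last_hop, "host": last_host, "silent_hops_after": silent_after}


if __name__ == "__main__":
    for acme_host in ACME_HOSTS:
        for r in probe_tcp(acme_host):
            print(f"{acme_host} {r['family']} {r['addr']}: {r['reason']}")
    # Pipe real traceroute output on stdin; otherwise the embedded sample is parsed.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TRACEROUTE
    print(parse_traceroute(text))
```

Run it with `traceroute -p 443 acme-staging-v02.api.letsencrypt.org | python3 acme_triage.py` (the file name is an assumption). A "no route" result for IPv6 alongside a "timeout" for IPv4 points at two different things: the first is the local host's addressing, the second is the upstream path, which is what the silent traceroute tail after the virtua.com.br hop corroborates.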

Yeah, same result as before...

I've run traceroute on my server, but the result is also the same.

I'll try to contact them tomorrow and ask about this problem; if I discover something new, I'll post it here.

3 Likes

Not sure if related, but I too had an email from my cron that Certbot had trouble connecting to the ACME server:

Connection aborted.', ConnectionResetError(104, 'Connection reset by peer')

This was in the middle of the night, so I wasn't aware and didn't do any debugging whilst sleeping of course :stuck_out_tongue:

Anyway, currently everything is working again, so it might be a temporary network hiccup somewhere between here and LE.

2 Likes

Sorry for the lack of any replies.

I couldn't get in touch with my ISP at all. BUT after some time had passed I could reach Let's Encrypt! It must've been the ISP all along, since I didn't do anything on my end...