Can't renew with certbot or Crypt::LE, Timeout during secondary validation (403 resolved)

Help
1

My domain is:
www.galionlibrary.org et al (see command below)

I ran this command (most recently; previously was attempting with certbot):
sudo /usr/local/bin/le.pl --key /root/letsencrypt/keys/account_key.pem --csr /root/letsencrypt/keys/gpl-domains.csr --csr-key /root/letsencrypt/keys/gpl-domains.key --crt /root/letsencrypt/certs/gpl-domains.crt --domains "www.galionlibrary.org,galionlibrary.org,www.galionlibrary.net,galionlibrary.net,www.galionlibrary.com,galionlibrary.com,cgi.galion.lib.oh.us,www.galion.lib.oh.us" --renew 30 --path /var/www/html/.well-known/acme-challenge --email [redacted here] --generate-missing --debug

It produced this output [the 600-second sleep is a customization that I introduced during debugging; it made no difference to the outcome]:
2024/04/22 12:10:51 [ Crypt::LE client v0.39 started. ]
2024/04/22 12:10:51 Loading an account key from /root/letsencrypt/keys/account_key.pem
2024/04/22 12:10:51 Account key loaded.
2024/04/22 12:10:51 Loading a CSR from /root/letsencrypt/keys/gpl-domains.csr
2024/04/22 12:10:51 Loaded domain names from CSR: www.galionlibrary.org, galionlibrary.org, www.galionlibrary.net, galio
nlibrary.net, www.galionlibrary.com, galionlibrary.com, cgi.galion.lib.oh.us, www.galion.lib.oh.us
2024/04/22 12:10:51 CSR loaded.
2024/04/22 12:10:51 CSR key loaded
2024/04/22 12:10:51 Checking certificate for expiration (website connection).
2024/04/22 12:10:51 Checking www.galionlibrary.org
2024/04/22 12:10:51 Expiration threshold set at 30 days, the certificate expires in 2 days - will be renewing.
2024/04/22 12:10:51 Account email has been set to 'jonadab@galionlibrary.org'
2024/04/22 12:10:51 Connecting to https://acme-staging-v02.api.letsencrypt.org/directory
2024/04/22 12:10:51 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
2024/04/22 12:10:52 Directory loaded successfully.
2024/04/22 12:10:52 Registering the account key
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
2024/04/22 12:10:52 Key is already registered, reg path: https://acme-staging-v02.api.letsencrypt.org/acme/acct/14535287
4.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/acct/145352874
2024/04/22 12:10:52 Account ID: 145352874
2024/04/22 12:10:52 Registration success: TOS change status - 0, new registration flag - 0.
2024/04/22 12:10:52 The key is already registered. ID: 145352874
2024/04/22 12:10:52 TOS has NOT been changed, no need to accept again.
2024/04/22 12:10:52 Current contact details: jonadab@galionlibrary.org
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/new-order
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/finalize/145352874/16084154694
2024/04/22 12:10:52 Could not finalize an order.
2024/04/22 12:10:52 Requesting challenge.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12105133054
2024/04/22 12:10:52 Received challenges for cgi.galion.lib.oh.us.
2024/04/22 12:10:52 Requesting challenge.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12105133064
2024/04/22 12:10:52 Received challenges for galionlibrary.com.
2024/04/22 12:10:52 Requesting challenge.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12105133074
2024/04/22 12:10:52 Received challenges for galionlibrary.net.
2024/04/22 12:10:52 Requesting challenge.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12105133084
2024/04/22 12:10:52 Received challenges for galionlibrary.org.
2024/04/22 12:10:52 Requesting challenge.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12105133094
2024/04/22 12:10:52 Received challenges for www.galion.lib.oh.us.
2024/04/22 12:10:52 Requesting challenge.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12105133104
2024/04/22 12:10:52 Received challenges for www.galionlibrary.com.
2024/04/22 12:10:52 Requesting challenge.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12105133114
2024/04/22 12:10:52 Received challenges for www.galionlibrary.net.
2024/04/22 12:10:52 Requesting challenge.
2024/04/22 12:10:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12105133124
2024/04/22 12:10:52 Received challenges for www.galionlibrary.org.
2024/04/22 12:10:52 Requested challenges for 8 domain(s).
2024/04/22 12:10:52 Successfully saved a challenge file '/var/www/html/.well-known/acme-challenge/kiQaNqx-SO8UL-xZogWhns
4XOL8lIW_-980spcQWPYM' for domain 'www.galionlibrary.org'. Sleeping 600 seconds.
2024/04/22 12:20:52 Successfully saved a challenge file '/var/www/html/.well-known/acme-challenge/MxYecldKr40koF11QZ-sA0
OteEwCSQAPtzqO8Q_Z1Y4' for domain 'galionlibrary.org'. Sleeping 600 seconds.
2024/04/22 12:30:52 Successfully saved a challenge file '/var/www/html/.well-known/acme-challenge/1VPeZr51xd8BfgIbdGZf3E
kRi5WPY_t72-lT4mJ79j4' for domain 'www.galionlibrary.net'. Sleeping 600 seconds.
2024/04/22 12:40:52 Successfully saved a challenge file '/var/www/html/.well-known/acme-challenge/epU9ruhu_xeoq1GUTpfNOk
bZBnW3QGlC22Qf9Ufa_sE' for domain 'galionlibrary.net'. Sleeping 600 seconds.
2024/04/22 12:50:52 Successfully saved a challenge file '/var/www/html/.well-known/acme-challenge/KRx-CLOfth2jkt0XxMmJqQ
K2sgU8j0G3S-P5_fLfWIU' for domain 'www.galionlibrary.com'. Sleeping 600 seconds.
2024/04/22 13:00:52 Successfully saved a challenge file '/var/www/html/.well-known/acme-challenge/j2s-UgksJo3nHjLG8IBpJD
Tjo9SD0aTj0Y_FHtw_Fp0' for domain 'galionlibrary.com'. Sleeping 600 seconds.
2024/04/22 13:10:52 Successfully saved a challenge file '/var/www/html/.well-known/acme-challenge/c89ABfRbQA_zGfDidBZq3h
yTUzhMjlxnGkEx1D9Fk70' for domain 'cgi.galion.lib.oh.us'. Sleeping 600 seconds.
2024/04/22 13:20:52 Successfully saved a challenge file '/var/www/html/.well-known/acme-challenge/EvT95PKGqOhUDC5Ld0pwQd
-BLxfPXVrRw-VA-VAuw40' for domain 'www.galion.lib.oh.us'. Sleeping 600 seconds.
2024/04/22 13:30:52 Accepted challenges for 8 domain(s).
2024/04/22 13:30:52 Connecting to https://acme-staging-v02.api.letsencrypt.org/directory
2024/04/22 13:30:53 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
2024/04/22 13:30:53 Directory loaded successfully.
2024/04/22 13:30:53 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133124/vpyN4g
2024/04/22 13:30:53 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133124/vpyN4g
2024/04/22 13:30:55 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133124/vpyN4g
2024/04/22 13:30:55 Domain verification results for 'www.galionlibrary.org': error. During secondary validation: 66.213.
116.5: Invalid response from http://www.galionlibrary.org/.well-known/acme-challenge/kiQaNqx-SO8UL-xZogWhns4XOL8lIW_-980
spcQWPYM: 403
2024/04/22 13:30:55 You can now delete the '/var/www/html/.well-known/acme-challenge/kiQaNqx-SO8UL-xZogWhns4XOL8lIW_-980
spcQWPYM' file.
2024/04/22 13:30:55 Domain www.galionlibrary.org has failed verification (status code 200).
2024/04/22 13:30:55 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133084/t2Bs6w
2024/04/22 13:30:55 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133084/t2Bs6w
2024/04/22 13:30:57 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133084/t2Bs6w
2024/04/22 13:30:57 Domain verification results for 'galionlibrary.org': error. During secondary validation: 66.213.116.
5: Invalid response from http://galionlibrary.org/.well-known/acme-challenge/MxYecldKr40koF11QZ-sA0OteEwCSQAPtzqO8Q_Z1Y4
: 403
2024/04/22 13:30:57 You can now delete the '/var/www/html/.well-known/acme-challenge/MxYecldKr40koF11QZ-sA0OteEwCSQAPtzq
O8Q_Z1Y4' file.
2024/04/22 13:30:57 Domain galionlibrary.org has failed verification (status code 200).
2024/04/22 13:30:57 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133114/HwqDNw
2024/04/22 13:30:57 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133114/HwqDNw
2024/04/22 13:30:59 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133114/HwqDNw
2024/04/22 13:30:59 Domain verification results for 'www.galionlibrary.net': error. During secondary validation: 66.213.
116.5: Invalid response from http://www.galionlibrary.net/.well-known/acme-challenge/1VPeZr51xd8BfgIbdGZf3EkRi5WPY_t72-l
T4mJ79j4: 403
2024/04/22 13:30:59 You can now delete the '/var/www/html/.well-known/acme-challenge/1VPeZr51xd8BfgIbdGZf3EkRi5WPY_t72-l
T4mJ79j4' file.
2024/04/22 13:30:59 Domain www.galionlibrary.net has failed verification (status code 200).
2024/04/22 13:30:59 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133074/tbyQKQ
2024/04/22 13:30:59 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133074/tbyQKQ
2024/04/22 13:31:01 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133074/tbyQKQ
2024/04/22 13:31:01 Domain verification results for 'galionlibrary.net': error. During secondary validation: 66.213.116.
5: Invalid response from http://galionlibrary.net/.well-known/acme-challenge/epU9ruhu_xeoq1GUTpfNOkbZBnW3QGlC22Qf9Ufa_sE
: 403
2024/04/22 13:31:01 You can now delete the '/var/www/html/.well-known/acme-challenge/epU9ruhu_xeoq1GUTpfNOkbZBnW3QGlC22Q
f9Ufa_sE' file.
2024/04/22 13:31:01 Domain galionlibrary.net has failed verification (status code 200).
2024/04/22 13:31:01 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133104/yyR3QA
2024/04/22 13:31:02 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133104/yyR3QA
2024/04/22 13:31:04 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133104/yyR3QA
2024/04/22 13:31:04 Domain verification results for 'www.galionlibrary.com': error. During secondary validation: 66.213.
116.5: Invalid response from http://www.galionlibrary.com/.well-known/acme-challenge/KRx-CLOfth2jkt0XxMmJqQK2sgU8j0G3S-P
5_fLfWIU: 403
2024/04/22 13:31:04 You can now delete the '/var/www/html/.well-known/acme-challenge/KRx-CLOfth2jkt0XxMmJqQK2sgU8j0G3S-P
5_fLfWIU' file.
2024/04/22 13:31:04 Domain www.galionlibrary.com has failed verification (status code 200).
2024/04/22 13:31:04 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133064/Qg88UA
2024/04/22 13:31:04 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133064/Qg88UA
2024/04/22 13:31:06 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133064/Qg88UA
2024/04/22 13:31:06 Domain verification results for 'galionlibrary.com': error. During secondary validation: 66.213.116.
5: Invalid response from http://galionlibrary.com/.well-known/acme-challenge/j2s-UgksJo3nHjLG8IBpJDTjo9SD0aTj0Y_FHtw_Fp0
: 403
2024/04/22 13:31:06 You can now delete the '/var/www/html/.well-known/acme-challenge/j2s-UgksJo3nHjLG8IBpJDTjo9SD0aTj0Y_
FHtw_Fp0' file.
2024/04/22 13:31:06 Domain galionlibrary.com has failed verification (status code 200).
2024/04/22 13:31:06 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133054/skZGnw
2024/04/22 13:31:06 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133054/skZGnw
2024/04/22 13:31:08 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133054/skZGnw
2024/04/22 13:31:08 Domain verification results for 'cgi.galion.lib.oh.us': error. During secondary validation: 66.213.1
16.5: Invalid response from http://cgi.galion.lib.oh.us/.well-known/acme-challenge/c89ABfRbQA_zGfDidBZq3hyTUzhMjlxnGkEx1
D9Fk70: 403
2024/04/22 13:31:08 You can now delete the '/var/www/html/.well-known/acme-challenge/c89ABfRbQA_zGfDidBZq3hyTUzhMjlxnGkE
x1D9Fk70' file.
2024/04/22 13:31:08 Domain cgi.galion.lib.oh.us has failed verification (status code 200).
2024/04/22 13:31:08 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133094/WnZN-g
2024/04/22 13:31:09 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133094/WnZN-g
2024/04/22 13:31:11 Connecting to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12105133094/WnZN-g
2024/04/22 13:31:11 Domain verification results for 'www.galion.lib.oh.us': error. During secondary validation: 66.213.1
16.5: Invalid response from http://www.galion.lib.oh.us/.well-known/acme-challenge/EvT95PKGqOhUDC5Ld0pwQd-BLxfPXVrRw-VA-
VAuw40: 403
2024/04/22 13:31:11 You can now delete the '/var/www/html/.well-known/acme-challenge/EvT95PKGqOhUDC5Ld0pwQd-BLxfPXVrRw-V
A-VAuw40' file.
2024/04/22 13:31:11 Domain www.galion.lib.oh.us has failed verification (status code 200).
2024/04/22 13:31:11 All verifications failed
2024/04/22 13:31:11 All verifications failed

I have left the challenge files in place for now. (Can anyone someone outside the US empirically verify that they're accessible internationally? Everything I know says they should be, but yet we have this error. All the systems I have access to, in order to test, are physically located in America.)

My web server is (include version):
Apache 2.4.59-1~deb11u1

The operating system my web server runs on is (include version):
Devuan chimaera, as up-to-date as chimaera can be. I can update to daedalus if it has a meaningful chance of resolving the issue, but I do not think this is relevant.

My hosting provider, if applicable, is:
Galion Public Library
Upstream ISP is the OPLIN.

I can login to a root shell on my machine (yes or no, or I don't know):
Yes.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Does Emacs count?

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Crypt::LE version 0.39
Also used certbot 1.12.0 with very similar results. When I ran into trouble I went looking for a Perl-based solution because it's easier for me to debug (e.g., I was able to absolutely confirm that the challenge files are being written where I think they're being written, with the permissions I think they should have, etc.; I didn't know how to do that with Python.) But I am pretty sure both programs are running into the same issue.

Web server's public IP address is 66.213.116.5

If we are doing any geoblocking, I am not aware of it (and I really really ought to be). I have thought about geoblocking incoming traffic on port 25 (specifically, to not receive any mail from APNIC space, as it's consistently all spam), but I haven't actually implemented that, and I have never had any reason to even consider geoblocking on ports 80 or 443. Admittedly, if OPLIN were geoblocking, I probably would not have noticed it until now. (How can I check that?) But I would not expect firewall-level geoblocking to result in a 403 response in any case, unless it's at the client's end of the connection. Apache, as far as I am aware, is not even capable of geoblocking. (Perhaps with a third-party module? But I haven't installed anything like that.)

I found one old forum thread that suggested incorrect AAAA records could result in this problem, but there shouldn't be (and as far as I know aren't) any AAAA records for any of our domains, as we have never used IPv6 for anything, and I don't think our connectivity provider (OPLIN) even supports IPv6. Also, we're getting the same error on all of our domains, and they don't all use the same authoritative DNS provider. (The .lib.oh.us domains have authoritative DNS provided by the state of Ohio, and the others have it from Network Solutions.)

2

A utility at www.comparitech.com claims that the site in question is accessible in mainland China. Though I don't know what methodology it uses to determine this.

3

If you had access log, can you get which IPs accesses those challenge domain before you uploaded this? (Forum user mayvisited after so before upload of this post)

3 Likes
4

That's a really good point. Let me have a look at that...

5

I get a 403 Forbidden from your server when testing from an AWS region in US East Coast. Could this be involved in the Let's Encrypt challenges failing too? Most of the LE server farms are in AWS

 curl -i http://www.galionlibrary.org/
HTTP/1.1 403 Forbidden
Content-Length: 312
Content-Type: text/html
Connection: Close

<HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD>
<BODY><center><b>Threat Prevention</b></center>
<p>This site is blocked because it violates network policy.</p><p>Host: www.galionlibrary.org</p><p>URI: /</p>
<p>Reason: Threat reputation No reputation</p>
<p>Please contact your network administrator</p></BODY></HTML>
2 Likes
6

This seems highly relevant, thanks for checking.

So does this mean that Amazon is blocking our site, for AWS users? For "Threat Prevention"?

I don't even.

3 Likes
7

Could also be a firewall on your premise or your ISP/hosting provider perhaps. Not necessarily AWS.

2 Likes
8

For the record, it appears that during the test, all access attempts to the .well-known directory came from a single IP address. I think this means that our Apache2 web server is not getting the requests from the secondary-validation servers and is not responsible for sending the 403.

9

Clearly this is failing due to some kind of GeoLocation block:

[that appears many times within the error log file]

1 Like
10

Agree. The response headers looked more like they came from some sort of firewall rather than Apache.

1 Like
11

Yes, but the 403 was also the error reported by the secondary site. Here is one example from a challenge URL

  "type": "http-01",
    "status": "invalid",
    "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "During secondary validation: 66.213.116.5: Invalid response from http://www.galion.lib.oh.us/.well-known/acme-challenge/EvT95PKGqOhUDC5Ld0pwQd-BLxfPXVrRw-VA-VAuw40: 403",
        "status": 403

Notice the "...VAuw40: 403" at the end of the detail message

It is not a timeout but most likely the same "Threat Prevention" response I showed earlier.

1 Like
12

We do have a firewall, and unfortunately it was recently installed and is a technology I'm not previously familiar with (something called Arista), so it's vaguely possible that it's doing something I don't fully understand. The config for the thing is pretty disorganized. (The company that sold us this specifically told me that it was an IP-tables-based firewall. I should have verified that before signing off on it, because it was a blatant lie.) However, I can access the challenge files from my house no problem. That's a completely different ISP from ours here. It seems really unlikely that our firewall would be blocking AWS from accessing our web server but allowing my house. And we haven't had any reports from patrons about not being able to access our website.

13

Well there are firewalls configed to block datacerter IPs

2 Likes
14

But something absolutely blocked a test request I issued using "curl" from an AWS EC2 instance.

Given you have a new firewall and this is a new problem ... :slight_smile:

The firewall seems blocking by reputation. How it could develop reputation by IP addresses that are used only by servers and often rotate is something to ask them.

Maybe it also looks at things like "user agent" strings to identify likely browsers versus simple bots. The LE server, and my curl test, would not have a user-agent like a browser.

3 Likes
15

It's not the user-agent. Tests with curl and wget work just fine e.g. from my house.

The people who installed the firewall definitely didn't say anything to me about it blocking datacenter IP addresses like AWS, but I don't entirely trust them, so I will attempt to look into that possibility. Though I have been all through the things settings and don't remember seeing any options like that.

1 Like
16

curl -i http://www.galionlibrary.org/
HTTP/1.1 403 Forbidden
Content-Length: 312
Content-Type: text/html
Connection: Close

403 ForbiddenThreat Prevention

This site is blocked because it violates network policy.

Host: www.galionlibrary.org

URI: /

Reason: Threat reputation No reputation

Please contact your network administrator

roo

It also blocks my cheapo random VPS, so it looks like it blocks datercenter ip by default

3 Likes
17

Gah.

Maybe I should give the web server a direct connection to the Juniper router and have it do its own firewalling with IP tables. Then I would know what traffic is and isn't blocked at our end.

18

Maybe these types of results can help:

traceroute to www.galionlibrary.org (66.213.116.5), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  12.240.208.58 (12.240.208.58)  47.866 ms  48.209 ms  48.561 ms
 6  cr2.ormfl.ip.att.net (12.123.6.50)  47.065 ms  44.589 ms  50.655 ms
 7  attga21crs.ip.att.net (12.122.28.197)  48.686 ms  50.343 ms  55.266 ms
 8  nsvtn22crs.ip.att.net (12.122.2.6)  48.937 ms  43.874 ms  42.032 ms
 9  cl2oh21crs.ip.att.net (12.122.2.49)  44.530 ms  44.434 ms  38.902 ms
10  cr82.clboh.ip.att.net (12.123.151.54)  38.590 ms  40.000 ms  44.380 ms
11  12.123.241.201 (12.123.241.201)  36.920 ms  38.610 ms  37.352 ms
12  12.55.45.234 (12.55.45.234)  40.088 ms  38.891 ms  41.417 ms
13  schrd-r5-et-2-0-4s100.core.oar.net (199.218.39.241)  41.416 ms clmbn-r4-et-2-1-1s100.core.oar.net (199.218.20.105)  41.317 ms  41.206 ms
14  clmbs-r7-et-0-3-0s100.core.oar.net (199.218.20.82)  41.284 ms  40.426 ms clmbs-r5-et-3-0-0s100.core.oar.net (199.218.20.33)  40.431 ms
15  199.218.243.1 (199.218.243.1)  38.381 ms  38.949 ms clmbs-r5-et-4-0-0s100.core.oar.net (199.218.20.29)  38.964 ms
16  10.213.11.62 (10.213.11.62)  41.334 ms  42.186 ms 199.218.243.1 (199.218.243.1)  38.828 ms
17  cgi.galion.lib.oh.us (66.213.116.5)  44.039 ms 10.213.11.62 (10.213.11.62)  42.012 ms cgi.galion.lib.oh.us (66.213.116.5)  42.657 ms
18  cgi.galion.lib.oh.us (66.213.116.5)  44.162 ms  43.226 ms  41.605 ms

@orangepizza, give that a go
OR try on port 80

3 Likes
19 
10  * * attga21crs.ip.att.net (12.122.28.197)  43.118 ms
11  nsvtn22crs.ip.att.net (12.122.2.6)  35.567 ms  38.945 ms *
12  32.130.17.83 (32.130.17.83)  36.376 ms  31.502 ms  34.799 m
s
13  cr82.clboh.ip.att.net (12.123.151.54)  29.071 ms  36.943 ms
  39.039 ms
14  12.123.241.201 (12.123.241.201)  29.509 ms  29.919 ms  29.9
01 ms
15  12.55.45.234 (12.55.45.234)  29.929 ms  29.893 ms  29.852 m
s
16  clmbn-r4-et-2-1-1s100.core.oar.net (199.218.20.105)  30.476
 ms  30.427 ms schrd-r5-et-2-0-4s100.core.oar.net (199.218.39.2
41)  29.900 ms
17  clmbs-r7-et-0-3-0s100.core.oar.net (199.218.20.82)  36.795
ms clmbs-r5-et-3-0-0s100.core.oar.net (199.218.20.33)  31.363 m
s  30.502 ms
18  199.218.243.1 (199.218.243.1)  31.150 ms clmbs-r5-et-4-0-0s
100.core.oar.net (199.218.20.29)  37.209 ms  30.722 ms
19  * * 199.218.243.1 (199.218.243.1)  37.766 ms
20  * * *
21  * * *
22  * * *
23  * * *

It stops at 199.218.243.1

2 Likes
20

After 199.218.243.1
So, this line/item is blocking you [but not me].

3 Likes