Certbot -d with error - IP Blocked?

Hi, guys.

After install certbot and tried to install a certificate, we got this error:

An unexpected error occurred:
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Could you help us?

Can you show results of these:

curl -I https://acme-v02.api.letsencrypt.org/directory

curl -I https://cloudflare.com

curl -I https://google.com

Also, I moved your post to the Help section. You would have been shown the below questions. Please answer as much as you can


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


The output:

curl -I https://acme-v02.api.letsencrypt.org/directory
:: curl: (7) Failed to connect to acme-v02.api.letsencrypt.org port 443: No route to host
curl -I https://cloudflare.com
:: HTTP/2 301 
date: Tue, 03 Oct 2023 19:18:10 GMT
location: https://www.cloudflare.com/
cache-control: max-age=3600
expires: Tue, 03 Oct 2023 20:18:10 GMT
set-cookie: __cf_bm=xb27tW8Jx12OcFf1HEjWR8l_In5lcDtxZ.P_9dkFnA0-1696360690-0-AUUdapfIGcYT304F67vVM4qP/4lPTsbFRl5loH3DWK3N+TI4yyfLaEzyMM5OzUgKJeMG2gbntN66F80NHkI5BiI=; path=/; expires=Tue, 03-Oct-23 19:48:10 GMT; domain=.cloudflare.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NfWRJfCiTrsNR%2B%2FseS7UDSl4s1kqcscPe%2FoUxOKklYEK5MqVqDuLGUW06PwKfvfQOlZUTFtDcmZIq1juwRwGbvUKbiI8RQA7AXmPhrrxdSdbUlQxheZAs3guwkwayRHv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000; includeSubDomains
server: cloudflare
cf-ray: 81078788985fa4de-GRU
alt-svc: h3=":443"; ma=86400
curl -I https://google.com
:: HTTP/2 301 
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-R34tJj5o864nQZOV7WZbeQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Tue, 03 Oct 2023 19:18:16 GMT
expires: Thu, 02 Nov 2023 19:18:16 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

And, what about this

sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org

And this

netstat -nr

That's a local routing problem.

If netstat hasn't been installed, try showing:
ip route


traceroute -T -p 443 acme-v02.api.letsencrypt.org
:: traceroute to acme-v02.api.letsencrypt.org (, 30 hops max, 60 byte packets
1 ------ ( 3105.753 ms !H 3105.123 ms !H 3105.038 ms !H

netstat -nr
:: Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface UG 0 0 0 ens3 U 0 0 0 ens3 U 0 0 0 ens4

Well, uh, that's your problem. You're trying to send everything starting with 172 to that interface. I'm guessing it's supposed to be much narrower than that, since only is designated as private IP space. Some of Let's Encrypt's servers are in the public space of 172.


Yes, and specifically this one :slight_smile:


Thanks guys.

We did some changes in our ifcfg and the problem was solved.

Thank you so much.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.