Check if IP is blocked HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443):

OleksandrGrument · February 17, 2022, 11:51am

Hello, I have proble when I run command sudo certbot certonly --standalone

I'm getting:

An unexpected error occurred:
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1131)')))

I read a forum and looks like my IP is blocked (135.148.33.111)

openssl s_client -connect acme-v02.api.letsencrypt.org:443

CONNECTED(00000003)
write:errno=104

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 320 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

ubuntu@vps-acef6cd0:~$ echo | openssl s_client -connect google.com:443 | head
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
CONNECTED(00000003)

Certificate chain
0 s:CN = *.google.com
i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA

DONE

Certify, Openssl and certbot (LAST VERSIONS)
OS Ubuntu 21.10

ezekiel · February 17, 2022, 4:05pm

Yes, this IP had been caught by a DDoS-detection pass. I have removed your IP from the block list. Please try again.

OleksandrGrument · February 17, 2022, 4:22pm

Thank you, all working now!

Osiris · February 17, 2022, 6:07pm

Is this a newly acquired IP address? I.e., new VPS from your hosting provider or something similar?

OleksandrGrument · February 17, 2022, 6:19pm

I own this vps with this IP for last 10 month

Osiris · February 17, 2022, 6:21pm

I believe the DDoS was from before that, so your VPS shouldn't be one of the infected zombies responsible I think.

OleksandrGrument · February 17, 2022, 6:34pm

Today I reinstalled full OS on vps from scratch. So it shouldn't!

Osiris · February 17, 2022, 6:35pm

Even if your host could/was be involved, it surely wouldn't be after that indeed Thanks for the feedback

system · March 19, 2022, 6:35pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Check if IP is blocked HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Help	9	772	October 26, 2023
My ip is apparently blocked Help	8	875	February 27, 2022
Is my IP being blocked? Help	9	1203	February 9, 2022
How can I check is my IP blocked? Help	8	3363	February 16, 2022
How can I check is my IP blocked or not? Help	9	1811	February 9, 2022

Check if IP is blocked HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443):

CONNECTED(00000003) write:errno=104

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 320 bytes Verification: OK

ubuntu@vps-acef6cd0:~$ echo | openssl s_client -connect google.com:443 | head depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1 verify return:1 depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 verify return:1 depth=0 CN = *.google.com verify return:1 CONNECTED(00000003)

Related topics

CONNECTED(00000003)
write:errno=104

SSL handshake has read 0 bytes and written 320 bytes
Verification: OK

ubuntu@vps-acef6cd0:~$ echo | openssl s_client -connect google.com:443 | head
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
CONNECTED(00000003)