Connection refused acme-v02.api.letsencrypt.org:443

I can't access 'http://acme-v02.api.letsencrypt.org:443/' from my cPanel/WHM server. It shows me 'Connection refused.' It seems my server IP is blocked by Let's Encrypt!

It is a cPanel/WHM server with 200 websites that worked well until 2 days ago!

What can I do?

I ran this command:
wget acme-v02.api.letsencrypt.org:443

It produced this output:
http://acme-v02.api.letsencrypt.org:443/
Resolving acme-v02.api.letsencrypt.org (acme-v02.api.letsencrypt.org)... 51.68.165.81
Connecting to acme-v02.api.letsencrypt.org (acme-v02.api.letsencrypt.org)|51.68.165.81|:443... failed: Connection refused.

That is not a correct IP address for our API endpoint. What DNS resolver is your server using?

1 Like

Hi JamesLE,

Thank you for your quick reply!

Can you check my server's IP address? It seems it is blocked by your servers!

1 Like

No, it's not. The IP address your server is resolving for acme-v02.api.letsencrypt.org is not a correct IP address for our API endpoint. What DNS resolver is your server using?

2 Likes

Cloudflare!

dig acme-v02.api.letsencrypt.org:443

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 <<>> acme-v02.api.letsencrypt.org:443
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30296
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;acme-v02.api.letsencrypt.org:443. IN A

;; AUTHORITY SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2024051403 1800 900 604800 86400

;; Query time: 89 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed May 15 07:33:31 +0330 2024
;; MSG SIZE rcvd: 136

dig won't accept a port number. Try without the :443.

2 Likes

curl acme-v02.api.letsencrypt.org:443
curl: (7) Failed connect to acme-v02.api.letsencrypt.org:443; Connection refused

ping acme-v02.api.letsencrypt.org
PING 000webhost.com (51.68.165.81) 56(84) bytes of data.
64 bytes from 000webhost.com (51.68.165.81): icmp_seq=1 ttl=48 time=91.9 ms
64 bytes from 000webhost.com (51.68.165.81): icmp_seq=2 ttl=48 time=89.2 ms

Something is very wrong. Your server's DNS resolver is returning that IP address for acme-v02.api.letsencrypt.org incorrectly, and somehow also returning an incorrect reverse DNS lookup for that IP (there is no reverse DNS for it, let alone 000webhost.com). I'll leave this thread for others to help with further troubleshooting.

2 Likes

Hey James,

I found the problem. Your point was very helpful. We set up an application on our server for DNS management. I have since removed it, and I can now access your server. It was a DNS misconfiguration on our server.

Thank you so much!

4 Likes

I'm glad you resolved your DNS problem. Just for future reference, you must use HTTPS for that endpoint. Attempts at using just HTTP like you tried will fail. Your curl should be like this:

curl https://acme-v02.api.letsencrypt.org

3 Likes
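
Added example, not part of the thread or written by its participants: a POSIX shell script that repeats the diagnosis above by comparing the addresses the server's own name resolution returns (what wget, curl and ping use) with what a resolver returns when queried directly, and by looking for a hosts-file pin. The function names are hypothetical, and 1.1.1.1 is used as the reference resolver only because it is the one shown in the dig output above.

```shell
#!/bin/sh
# Added example (hypothetical helper names); not from the thread's participants.

# dig takes a bare name, so drop a pasted ":port" suffix first.
strip_port() { printf '%s\n' "${1%%:*}"; }

# Addresses wget/curl/ping will use: nsswitch, hosts file, local DNS service.
system_answer() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }

# Addresses a named resolver returns when asked directly.
direct_answer() {
    dig +short A "$1" @"$2" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# Addresses a hosts-format file pins to name $1 (comments ignored).
hosts_override() {
    awk -v h="$1" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) print $1 }' "${2:-/etc/hosts}"
}

# Print each address in list $1 that is missing from list $2; return 1 if any.
unexpected_addrs() {
    extra=$(printf '%s\n' "$1" | grep -vxF -e "$2" | grep -v '^$' || true)
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

diagnose() {
    host=$(strip_port "$1"); resolver=${2:-1.1.1.1}
    pinned=$(hosts_override "$host")
    [ -n "$pinned" ] && echo "hosts file pins $host to: $pinned"
    sys=$(system_answer "$host"); ref=$(direct_answer "$host" "$resolver")
    [ -z "$sys" ] && { echo "system resolution returned nothing"; return 2; }
    if bad=$(unexpected_addrs "$sys" "$ref"); then
        echo "system resolution of $host agrees with $resolver"
    else
        # Resolvers can legitimately differ, so a mismatch is a prompt to
        # check, not proof; a validating certificate over HTTPS settles it.
        echo "system resolution returns addresses $resolver did not: $bad"
        echo "next: curl -sSI https://$host  (the certificate must validate)"
    fi
}

# Live lookups run only when a hostname is passed on the command line.
if [ "$#" -gt 0 ]; then diagnose "$@"; fi
```

Run it as `sh check.sh acme-v02.api.letsencrypt.org` (the file name is arbitrary); a name pasted with `:443` is accepted and the port is dropped before the lookups.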