Connection Reset by Peer Issue / IP Blocked

mgkphyo · July 26, 2023, 9:57am

2023-07-26 17:06:34,978:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/249134282317:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNTg2MjIyMTE2IiwgIm5vbmNlIjogIjE1QzlxVWFWZjVaUmFhbHl1VDJNR2EzYm44N3p3VGUwMEcxYTR2bGZ6bkxOZjhJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDkxMzQyODIzMTcifQ",
  "signature": "J_1GSQCW8-cFVtOHPpCWV7oWmeDWnxYQzY50TY-IgAR1jfLGDZhlums3AhuTOdd3G5-CYmUVorpr7Wp7lyYWPURDixUy2Tai2lQj2ONde2rjI0XH5NWdQgO9ldsSWfJq2a6l46kKX6HUqiBEgkqYnPjOGfZuznF7Zeo0igIIRsk-8FEMKUjx1qsrcq9vzCJj5WmDkL2nIDW8H6MycWksePXNT_u9sUrvl86BYILKE42esnwG2QrKaa_biz6ZZRrkWN6VS7FjnGdJtccp4d3-uzxg4yAjtItY6RYNBie8Zydr72SbnD7tAd7YU43rzYDS107z2zIm5jpRfQ8yWByWVA",
  "payload": ""
}
2023-07-26 17:06:35,236:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/249134282317 HTTP/1.1" 200 1027
2023-07-26 17:06:35,236:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 26 Jul 2023 10:35:48 GMT
Content-Type: application/json
Content-Length: 1027
Connection: keep-alive
Boulder-Requester: 586222116
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 327CT4vEKs23O7XSfnSYNf9IFYw-hFFnWCz_HuTBebn0LWk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.dtm.gov.mm"
  },
  "status": "invalid",
  "expires": "2023-08-02T10:34:12Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "103.89.50.15: Fetching http://www.dtm.gov.mm/.well-known/acme-challenge/3pflhrMf6EMUyQZTCjz9B9Ix3GPR_uy74GMrTG1QvNU: Connection reset by peer",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/249134282317/uAjfIg",
      "token": "3pflhrMf6EMUyQZTCjz9B9Ix3GPR_uy74GMrTG1QvNU",
      "validationRecord": [
        {
          "url": "http://www.dtm.gov.mm/.well-known/acme-challenge/3pflhrMf6EMUyQZTCjz9B9Ix3GPR_uy74GMrTG1QvNU",
          "hostname": "www.dtm.gov.mm",
          "port": "80",
          "addressesResolved": [
            "103.89.50.15"
          ],
          "addressUsed": "103.89.50.15"
        }
      ],
      "validated": "2023-07-26T10:35:44Z"
    }
  ]
}
2023-07-26 17:06:35,236:DEBUG:acme.client:Storing nonce: 327CT4vEKs23O7XSfnSYNf9IFYw-hFFnWCz_HuTBebn0LWk
2023-07-26 17:06:35,237:INFO:certbot._internal.auth_handler:Challenge failed for domain www.dtm.gov.mm
2023-07-26 17:06:35,237:INFO:certbot._internal.auth_handler:http-01 challenge for www.dtm.gov.mm
2023-07-26 17:06:35,237:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: www.dtm.gov.mm
  Type:   connection
  Detail: 103.89.50.15: Fetching http://www.dtm.gov.mm/.well-known/acme-challenge/3pflhrMf6EMUyQZTCjz9B9Ix3GPR_uy74GMrTG1QvNU: Connection reset by peer

Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.

Please kindly check my server IP was blocked?

Osiris · July 26, 2023, 10:01am

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

MikeMcQ · July 26, 2023, 2:05pm

You are connecting to the Let's Encrypt servers successfully. This means you are not blocked by Let's Encrypt

But, the Let's Encrypt servers are not able to connect to you. You are blocking Let's Encrypt with a "reset by peer" error from your system.

I also failed to connect with a "reset by peer" error connecting to your "home" page using HTTP. But, after one reset failure subsequent requests worked. I see an Apache server (v2.4.37) running on CentOS (also using php 7.2 and drupal 7).

But, if I waited 5 minutes after the last successful request I again received a "reset by peer" error followed by more successful requests (see below).

These "reset by peer" errors are preventing you from satisfying the Let's Encrypt HTTP Challenge but also might be interfering with others using your website.

We have seen this pattern multiple times over the last several months but only with sites hosted on GoDaddy. Is your site on a service owned by them?

Your best option is to find why these "reset" errors happen and fix them. But, other options are:

Use the Let's Encrypt DNS Challenge.
Try a different free ACME Certificate Authority (CA) (maybe Google or ZeroSSL)
Purchase a certificate which uses a different way to verify your domain name

From my own test server:

date
Wed Jul 26 13:52:15 UTC 2023

curl -I http://www.dtm.gov.mm
curl: (56) Recv failure: Connection reset by peer

curl -I http://www.dtm.gov.mm
HTTP/1.1 200 OK
Date: Wed, 26 Jul 2023 13:53:08 GMT
Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k
X-Powered-By: PHP/7.2.24
X-Generator: Drupal 7 (http://drupal.org)
(other headers omitted)

Osiris · July 26, 2023, 2:10pm

If I check the whois of the IP address, it seems to be owned by "Cyber Security Department" / "Dept. of Information Technology & Cyber Security" of Myanmar. Soooooo, "self hosted"?

This might be due to some firewall trying to block spammers by blocking the first connection attempt, @mgkphyo might want to ask their IT department for more information regarding this behaviour.

MikeMcQ · July 26, 2023, 2:19pm

Agree. And it would be wonderful if they find the firewall that is doing this and tell us. I think it is likely a similar firewall or device at these other sites and this would give us better info to help them.

mgkphyo · July 27, 2023, 3:57am

I will check with datacenter IT department for this case. Thank you and appreciate your support.

mgkphyo · July 27, 2023, 5:32am

I've checked with datacenter IT department and they found out because of the DDOS server blocked it. Now, it's solved.

Thank you and appreciate your support.

MikeMcQ · July 28, 2023, 6:24pm

Can you share any more details of this DDOS server?

Like its brand, model, software system and/or version?

We have seen an increasing number of similar problems in last few months. It's possible you are the first to have identified the exact cause. It would be great if we knew more details to share with future people.

Thanks

system · August 27, 2023, 6:24pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.