But I have filled out the questionnaire in the original post! Not sure what I am missing!
The test I ran says we are not able to connect to Let's Encrypt as it is being reset by peer. Hence, we wanted to check if our IP Address is blocked or not for some reason.
Thank you for the Let's Debug result. Does this usually go away and fix itself?
A blocked IP address is very rare. And, the error is usually different than "reset by peer". It has been so long since we have seen one that I don't remember exactly what it was, but something like "EOF". I do not think your IP is blocked.
Are you able to make other outbound requests? What do these show? You don't have to show every line. Just any error or the HTTP response code and any "server:" response header.
That is the status of Let's Encrypt itself. And, yes, those go away by themselves. It is just a warning that certain problems may be caused by LE and not your system.
It is just a display from this page, which now shows all systems operational.
root@ubuntusvr01:~# traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 _gateway (10.1.20.1) 0.666 ms * *
2 static-43-254-43-129.ctrls.in (43.254.43.129) 1.297 ms 1.504 ms 1.863 ms
3 198.18.21.45 (198.18.21.45) 1.840 ms 198.18.21.49 (198.18.21.49) 1.705 ms 198.18.21.45 (198.18.21.45) 1.908 ms
4 198.18.21.53 (198.18.21.53) 1.890 ms 198.18.21.57 (198.18.21.57) 4.469 ms 198.18.21.53 (198.18.21.53) 2.627 ms
5 198.18.23.165 (198.18.23.165) 2.612 ms 2.650 ms 125.19.192.89 (125.19.192.89) 4.403 ms
6 116.119.61.204 (116.119.61.204) 116.093 ms 116.119.57.80 (116.119.57.80) 129.526 ms 125.19.192.89 (125.19.192.89) 4.689 ms
7 116.119.57.88 (116.119.57.88) 117.855 ms * *
8 162.158.20.240 (162.158.20.240) 145.714 ms * 162.158.20.18 (162.158.20.18) 154.740 ms
9 172.65.32.248 (172.65.32.248) 145.663 ms 162.158.20.31 (162.158.20.31) 145.643 ms 146.677 ms
Trace looks good, and curl to Google and Cloudflare is also good.
I'm not really sure what to do with the outcome of those, one way or the other, but might be helpful for checking whether it's just the one specific part of Let's Encrypt's infrastructure or more than that.
That will send an HTTP request to the HTTPS port (credit to @jcjones for helping me figure out how to route an HTTP request into this).
If you get a 400 status code with this in it <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>, that would suggest to me there is something wrong with your server's openssl implementation or configuration. If you get another dropped connection, you may need to contact Cloudflare (they could be rejecting your IP) or your ISP (potential networking issues) for further help.
Given the IP is not blocked by Let's Encrypt there must be something else doing that.
I know the traceroute reached the LE API. But, could some other security device be inspecting outgoing requests for specific URLs?
I'm not sure what these might tell us in this case, but can you show the results of the below? I am also curious to see results from Peter's list a few posts back. We really are just trying things, hoping to see something unexpected. That might help identify what exactly is blocking your request.
Try using HTTP to that domain but forcing port 443.
(update: @jvanasco beat me to this one - we cross-posted)
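
The plain-HTTP-to-port-443 check suggested in the posts above, paired with a TLS handshake attempt, as an added example that is not part of any post in the thread. The `/directory` path, the function names and the verdict labels are assumptions chosen for illustration; the host and the 400 marker text are the ones quoted in the thread.

```python
import socket
import ssl

HOST = "acme-v02.api.letsencrypt.org"  # API host from the traceroute in the thread
MARKER = b"The plain HTTP request was sent to HTTPS port"  # text quoted in the thread

def plain_http_probe(host, port=443, timeout=10):
    """Speak plain HTTP to the HTTPS port. Returns (response_bytes, error)."""
    request = f"GET /directory HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            while chunk := sock.recv(4096):
                data += chunk
        return data, None
    except OSError as exc:  # reset by peer, timeout, refused, unreachable
        return data, exc

def tls_probe(host, port=443, timeout=10):
    """Attempt a verified TLS handshake. Returns (protocol_version, error)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version(), None
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return None, exc

def interpret(plain_response, plain_error, tls_error):
    """Map the two probe results to the cases discussed in the thread."""
    if tls_error is None:
        return "ok"  # handshake completed: this host can reach the API over TLS
    if MARKER in plain_response and plain_response.startswith(b"HTTP/1.1 400"):
        return "local-tls"  # plain bytes pass, TLS fails: thread points at local OpenSSL
    if plain_error is not None or not plain_response:
        return "network-drop"  # dropped even without TLS: ISP, Cloudflare, middlebox
    return "unexpected"  # some other answer: inspect the raw response by hand

if __name__ == "__main__":
    body, plain_err = plain_http_probe(HOST)
    version, tls_err = tls_probe(HOST)
    print("plain HTTP to 443:", plain_err or body.splitlines()[:1])
    print("TLS handshake:", tls_err or version)
    print("verdict:", interpret(body, plain_err, tls_err))
```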