Could not obtain directory: cURL error 7: Failed connect to acme-v02.api.letsencrypt.org:443; No route to host (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

Help
1

I tried renew ssl certificates for my domains, I get this error 'Could not obtain directory: cURL error 7: Failed connect to acme-v02.api.letsencrypt.org:443; No route to host (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)'

Example
My domain is: 7sdesign.com.tr

I ran this command: curl -v https://acme-v02.api.letsencrypt.org/directory

It produced this output:

* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
*   Trying 172.65.32.248...
* Connection timed out
*   Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
* No route to host
* Failed connect to acme-v02.api.letsencrypt.org:443; No route to host
* Closing connection 0
curl: (7) Failed connect to acme-v02.api.letsencrypt.org:443; No route to host

and

I ran this command: echo | openssl s_client -connect google.com:443 | head

It produced this output:

depth=3 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=*.google.com
   i:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
 1 s:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
   i:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
 2 s:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
DONE

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes(plesk)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't use it.

2

What if you'd try:

curl -v4 https://acme-v02.api.letsencrypt.org/directory

If that one succeeds, your IPv6 connectivity is broken.

3 Likes
3

Thank you for your help,

I tried this

curl -v4 https://acme-v02.api.letsencrypt.org/directory

and I got this

* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
*   Trying 172.65.32.248...
* Connection timed out
* Failed connect to acme-v02.api.letsencrypt.org:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to acme-v02.api.letsencrypt.org:443; Connection timed out
1 Like
4

How can I find out if my ip address is blocked by letsencrypt? :thinking:

5

The system is undergoing maintenance, could be that https://letsencrypt.status.io/

2 Likes
6

Please show:
netstat -nr

2 Likes
7

I have this problem in a long time. I looked to a lot of document and solutions, but I couldn't solve this problem.

8

Ok,

Here it is;

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         185.**.**.1     0.0.0.0         UG        0 0          0 ens160
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
185.**.**.0     0.0.0.0         255.255.255.0   U         0 0          0 ens160

I wrote '*' terms for security.

9

I don't see a routing issue.
Must be something else...

3 Likes
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.