cURL error 35. Are our IPs blocked?

If you can reach the server [by any means] on port 443, then your IP is NOT being blocked.

Yes, that is a logical conclusion.
There is no need to "check" it.

3 Likes

What about the same case? Nobody asked there if TS could reach the server. But the error was exactly the same.

Do you NOT understand how you showed proof that your IP is NOT being blocked?

with:

Unless...
OpenSSL is being NAT hidden with a different IP than the cURL requests!
OR
Somehow one or the other is using a proxy???

3 Likes
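
The distinction argued above (a TCP connection to port 443 succeeds, yet the TLS handshake fails, which curl reports as error 35) can be checked one layer at a time. This is an added example, not code from any poster in the thread; the function name `probe` and the result keys are assumptions of the example, and it also records the local source address and proxy settings because the post above raises NAT and proxies as possible differences between the OpenSSL and cURL paths.

```python
import socket
import ssl
import urllib.request


def probe(host, port=443, timeout=5.0):
    """Report the first layer that fails: 'dns', 'tcp', 'tls', or 'ok'."""
    result = {
        "layer": "ok", "detail": "", "source": None,
        # Proxy settings visible to this process. curl reads the proxy
        # environment variables; a raw socket (like this probe) ignores them,
        # so the two tools can leave the host by different paths.
        "proxies": urllib.request.getproxies(),
    }
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        result.update(layer="dns", detail=str(exc))
        return result
    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)  # TCP three-way handshake only
    except OSError as exc:
        sock.close()
        result.update(layer="tcp", detail=str(exc))  # refused, timeout, no route
        return result
    # Local address the kernel picked for this connection (pre-NAT view).
    result["source"] = sock.getsockname()[0]
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            result["detail"] = tls.version()  # negotiated protocol, e.g. TLSv1.3
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        # TCP worked but the handshake did not: the curl error 35 situation.
        result.update(layer="tls", detail=str(exc))
    return result


if __name__ == "__main__":
    # Hostname taken from the thread; running this needs network access.
    print(probe("acme-v02.api.letsencrypt.org"))
```

A result of `tcp` means the connection itself never opened; `tls` means it opened and then failed during the handshake.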

I do not know how LE IP blocking works. Maybe if I'm blocked, I can reach the server, but can't issue a certificate.

No.
Blocked IPs can't get anything at all.
Totally blocked.

3 Likes

No, there's no NAT.
Direct routable public IP.

What shows?
curl -4 ifconfig.io
curl -6 ifconfig.io

2 Likes

image

IPv6 is not used.
image

Is that the expected IPv4 address?

2 Likes

Yes, it's configured on the server's network adapter.

Please show:
curl -Ii https://acme-v02.api.letsencrypt.org/directory
curl -Ii https://le-acme-v02.beer4.work/directory

2 Likes

image

That is bizarre!

What shows?:
traceroute -T -p 443 acme-v02.api.letsencrypt.org

That may not work in Windows... :frowning:

1 Like

Yes, it has no "port" option
image

I'm lost.
If that IP was blocked, neither PING nor TRACERT would work.

2 Likes

I can't agree with this. The IP 172.65.32.248 is owned by Cloudflare. It would be strange if they blocked ICMP to their addresses at the request of one of their tenants.

Yes, it is "owned" by Cloudflare.
But, it is "operated" by LE.
LE is the one doing the blocking.

2 Likes

Keep in mind that the error occurs when trying to access the auth URL: if the IP was blocked, it wouldn't be able to create that URL by asking for an order that would create it.

3 Likes

Ok. What's this?
image