Curl https://acme-v02.api.letsencrypt.org/directory timeout

My domain is: indigo.kz

I ran this command:
curl -v https://acme-v02.api.letsencrypt.org/directory -m 5
It produced this output:

* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
* Trying 172.65.32.248...
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Operation timed out after 5001 milliseconds with 0 out of 0 bytes received
* Closing connection 0

My web server is (include version):
Apache/2.4.6
The operating system my web server runs on is (include version):
CloudLinux 7.9

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk Obsidian 18.0.67.3

Greetings! I can't curl the endpoint https://acme-v02.api.letsencrypt.org/directory; however, traceroute shows packets coming through.

traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gw.hoster.kz (37.140.243.1) 2.396 ms 2.421 ms 2.433 ms
2 * * *
3 92.46.35.157 (92.46.35.157) 0.296 ms 0.329 ms 0.345 ms
4 95.59.170.134 (95.59.170.134) 2.387 ms 2.417 ms 2.332 ms
5 92.47.150.188 (92.47.150.188) 3229.755 ms 3229.900 ms 3229.830 ms
6 95.57.207.238 (95.57.207.238) 39.770 ms 39.458 ms 39.445 ms
7 172.65.32.248 (172.65.32.248) 2.069 ms 1.646 ms 1.958 ms

The firewall is not blocking the API IP. Is there anything else I can check?

2 Likes
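
Added example (not part of the original posts): the curl output above shows the TCP connection completing and then 0 bytes arriving, while a TCP traceroute to port 443 passes. This Python probe checks DNS, TCP connect, TLS handshake and HTTP response as separate stages and names the one that stalls; `probe` and `silent_listener` are hypothetical names, and the loopback listener is a constructed stand-in for the endpoint.

```python
import socket
import ssl

def probe(host, port=443, sni=None, timeout=5.0):
    """Return (stage, detail) for the first stage that fails, or ("ok", status line)."""
    name = sni or host
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return "dns", str(exc)
    try:
        raw = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:            # refused, unreachable, or SYN never answered
        return "tcp_connect", str(exc)
    try:
        # wrap_socket sends the ClientHello and waits for the server's reply
        tls = ssl.create_default_context().wrap_socket(raw, server_hostname=name)
    except socket.timeout:
        raw.close()
        return "tls_handshake", "TCP connected, no bytes back after ClientHello"
    except OSError as exc:            # reset, certificate or protocol error
        raw.close()
        return "tls_handshake", str(exc)
    with tls:
        try:
            req = f"GET /directory HTTP/1.1\r\nHost: {name}\r\nConnection: close\r\n\r\n"
            tls.sendall(req.encode())
            status = tls.recv(4096).split(b"\r\n", 1)[0].decode(errors="replace")
        except OSError as exc:
            return "http_response", str(exc)
    return "ok", status

def silent_listener():
    """Constructed stand-in for the symptom: the kernel completes the TCP
    handshake for the listening socket, but nothing ever accepts or replies."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = silent_listener()
    # The SNI value is the hostname from the thread; the target is loopback only.
    print(probe("127.0.0.1", port, sni="acme-v02.api.letsencrypt.org", timeout=2.0))
    srv.close()
    print(probe("127.0.0.1", port, timeout=2.0))   # port now closed
```

On the affected host, `probe("acme-v02.api.letsencrypt.org", timeout=10.0)` runs the same stages against the real endpoint.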

A post was split to a new topic: Timeout connecting to LE staging

That hop is slow at 3.2s. Your curl only allowed a 5s timeout. What if you allow longer? Does it still fail repeatedly with 10s?

Can you reach other Certificate Authorities? What do these show?

curl https://api.buypass.com/acme/directory

curl --connect-to ::172.253.115.139:443 https://dv.acme-v02.api.pki.goog/directory
4 Likes

Thanks for the fast reply. Without timeout options curl will hang indefinitely.

curl --resolve dv.acme-v02.api.pki.goog:443:172.253.115.139 https://dv.acme-v02.api.pki.goog/directory
{"newNonce":"https://dv.acme-v02.api.pki.goog/new-nonce","newAccount":"https://dv.acme-v02.api.pki.goog/new-account","newOrder":"https://dv.acme-v02.api.pki.goog/new-order","newAuthz":"https://dv.acme-v02.api.pki.goog/new-authz","revokeCert":"https://dv.acme-v02.api.pki.goog/revoke-cert","keyChange":"https://dv.acme-v02.api.pki.goog/key-change","renewalInfo":"https://dv.acme-v02.api.pki.goog/renewal-info","meta":{"termsOfService":"https://pki.goog/GTS-SA.pdf","website":"https://pki.goog","caaIdentities":["pki.goog"],"externalAccountRequired":true}}
2 Likes

I found a topic about the service not being available in Kazakhstan. I can see access is not blocked everywhere, though.

globalping http https://acme-v02.api.letsencrypt.org/directory --from=Kazakhstan  --limit=20
> AS, KZ, Almaty, ASN:41798, JSC Transtelecom
HTTP/1.1 200
Server: nginx
Date: Fri, 04 Apr 2025 04:01:11 GMT
Content-Type: application/json
Content-Length: 1042
Connection: close
Cache-Control: public, max-age=0, no-cache
Replay-Nonce: BEwrIPHlCgMeH1iIGeUPqCTkPbcQrzJK1k7J3M4qoIM5LV88MmI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

> AS, KZ, Pavlodar, ASN:9198, JSC Kazakhtelecom
Timeout awaiting 'request' for 10000ms - ETIMEDOUT

> AS, KZ, Astana, ASN:41798, JSC Transtelecom
HTTP/1.1 200
Server: nginx
Date: Fri, 04 Apr 2025 04:01:11 GMT
Content-Type: application/json
Content-Length: 1042
Connection: close
Cache-Control: public, max-age=0, no-cache
Replay-Nonce: mjolWR0rP3QOXFoCKKDpAW0cDU9tPktD11A1dxmWJlyO3qIi2Yo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

> AS, KZ, Almaty, ASN:202422, G-Core Labs S.A.
Timeout awaiting 'request' for 10000ms - ETIMEDOUT

> AS, KZ, Almaty, ASN:57008, ITGLOBALCOM KAZ LLP
HTTP/1.1 200
Server: nginx
Date: Fri, 04 Apr 2025 04:01:11 GMT
Content-Type: application/json
Content-Length: 1042
Connection: close
Cache-Control: public, max-age=0, no-cache
Replay-Nonce: mjolWR0r1BSGI6YhfLivFkqvooRH5ukTwvQy3sT13ZfTKyu4eNA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

My Cloudflare trace:

curl https://www.cloudflare.com/cdn-cgi/trace
fl=965f78
h=www.cloudflare.com
ip=185.116.195.198
ts=1743739356.991
visit_scheme=https
uag=curl/7.29.0
colo=SIN
sliver=none
http=http/1.1
loc=KZ
tls=TLSv1.2
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519
2 Likes

Thanks for the info. LE staff are looking into that other thread. We should wait for resolution of that given your proximity 🙂

2 Likes

Did you have any luck reaching that one?

3 Likes

@maximg1 Whatever was affecting Kazakhstan comms looks to be resolved. See the thread you saw earlier.

Are you still having problems?

If so, I am still curious about the result for this

3 Likes

No luck, curl https://api.buypass.com/acme/directory times out. It looks like the problem was alleviated for a few days, then it reappeared.

2 Likes

Buypass is a different Certificate Authority unrelated to Let's Encrypt. Whatever connection problem you are having doesn't seem unique to LE.

Probably best to continue watching that other thread. Looks like only some ISPs are affected (although some are large).

4 Likes

About an hour ago I got access to the LE service again.

1 Like