Does LetsEncrypt block IP or whole subnets?
To my knowledge we have no such blocks in place. We favour rate limiting over outright blocking.
Do you have the same trouble reaching production, or only the staging server?
Are the different servers all in the same subnet? Can you share the output from each of these commands:
curl http://ipv4.whatismyip.akamai.com/ ; echo
curl http://ipv6.whatismyip.akamai.com/ ; echo
dig +short whoami.ipv4.akahelp.net TXT
dig +short whoami.ipv6.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
mtr -c 20 -w -r acme-staging.api.letsencrypt.org
(You might need to install mtr
for the last one).