Having an issue with being able to curl -v https://acme-v01.api.letsencrypt.org/directory


#1

Hello,

We are having connection issue with your network and unable to access from our server. Our server IP is 172.93.236.90. Am I doing something wrong or our server IP 172.93.236.90 is blacklisted at your network ? I have disabled firewall on server. Please check and update us regarding this.

[root@server1 test]# curl -v https://acme-v01.api.letsencrypt.org/directory

  • About to connect() to acme-v01.api.letsencrypt.org port 443 (#0)
  • Trying 23.4.118.210…
    * Connection timed out
  • Trying 2600:1407:16:281::3d5…
  • Failed to connect to 2600:1407:16:281::3d5: Network is unreachable
  • Trying 2600:1407:16:283::3d5…
  • Failed to connect to 2600:1407:16:283::3d5: Network is unreachable
  • Failed connect to acme-v01.api.letsencrypt.org:443; Network is unreachable
  • Closing connection 0
    curl: (7) Failed to connect to 2600:1407:16:281::3d5: Network is unreachable

Thanks.


#2

have a read of this

I am not having issues in australia

try going lower and using telnet as a test (this will let you know if its a network or protocol HTTPS issue)

also try in your browser as well

do a trace route from your internal systems to letsencrypt (if this stop at an internal IP then you know it’s something there)

Please note: akamai ips will be different for you

In summary one of 3 issues

A) DNS is not working as it should be flush your DNS records if you have used LetsEncrypt before
B) You firewalls are blocking port 443 going out (unlikely but it could be an issue) - tracert would confirm that
C) You firewall is blocking json responses (unusual but could be)

Andrei


#3

hi @centexhosting

its your DNS most likely

flush the DNS

LetsEncrypt changes the IPs quite often

Some more reading: Renewal failed after months of success

Andrei


#4

Hello,

[root@server1 test]# traceroute acme-v01.api.letsencrypt.org
traceroute to acme-v01.api.letsencrypt.org (23.4.118.210), 30 hops max, 60 byte packets
1 66.11.119.1 (66.11.119.1) 1.173 ms 1.175 ms 1.206 ms
2 * * *
3 144.168.41.1 (144.168.41.1) 0.760 ms 0.770 ms 0.769 ms
4 144.168.32.1 (144.168.32.1) 0.423 ms 0.440 ms 0.439 ms
5 equinix-da.5-3.r2.da.hwng.net (206.223.118.73) 0.479 ms 0.513 ms 0.486 ms
6 ix-ae-10-301.tcore1.DT8-Dallas.as6453.net (66.110.56.97) 0.472 ms 0.513 ms 0.486 ms
7 if-ae-23-2.tcore2.CT8-Chicago.as6453.net (64.86.79.120) 23.495 ms 23.480 ms 23.588 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *

We are getting above an error while tracerts. Also , lets encrypt plugin doesn’t work and getting an error while access it through WHM : http://prntscr.com/eo8rxe

Any suggestion regarding this ?


#5

interesting

my resolvers do eventually get there

try a trace route to 104.95.188.138

also try flushing your dns (not sure how to do this in linux sorry)

if you can connect to 104.95.188.138 as a work around add this as a entry for acme-v01.api.letsencrypt.org

Andrei


#6

check your hosts files in case someone added a static entry

Andrei


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.