Help to unblock IP Address

asesistel · May 3, 2022, 10:27pm

Hi, the ip address of our mails erver looks to be blocked, ip address: 51.222.173.52, this is a recently adquired ip address from our dedicated server provider, in a new zimbra installation, thanks in advance

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
curl -4L https://acme-v02.api.letsencrypt.org/directory

It produced this output:
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443

My web server is (include version):
Mail server, Zimbra 8.8.15

The operating system my web server runs on is (include version):
Ubuntu 20.04.4 LTS

My hosting provider, if applicable, is:
OVH

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.26.0 snap version

rg305 · May 3, 2022, 10:40pm

Hi @asesistel, and welcome to the LE community forum

That is strange for Ubuntu 20...

What say:
curl -4I http://google.com/
curl -4I https://google.com/

also:
openssl version

asesistel · May 4, 2022, 1:13am

Hi, thank you for the support,

curl -4I http://google.com/
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Wed, 04 May 2022 01:04:21 GMT
Expires: Fri, 03 Jun 2022 01:04:21 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

curl -4I https://google.com/
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
date: Wed, 04 May 2022 01:04:26 GMT
expires: Fri, 03 Jun 2022 01:04:26 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OpenSSL> version
OpenSSL 1.1.1f 31 Mar 2020

by the way i have another ubuntu 20.04 server than i am configuring zimbra too, on these server the curl -4L https://acme-v02.api.letsencrypt.org/directory output is as follow:
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"xcfkT2oXMI0": "Adding random entries to the directory"
}

is exactly the same software installed on both, i supsect maybe was something with the ip address of the first one: 51.222.173.52 but now i am figuring out there is one diference on the network configuration, the first one --> 51.222.173.52 traffic pass through an aditional router (without NAT, only routed) and the server have two ip address, i don't know if maybe these is the problem the second one is connected directly. What do you recomend i can configure the first server without the aditional router to check if the problem persist

thanks in advance

rg305 · May 4, 2022, 1:59am

As shown by your tests, the problem is NOT curl.

Let's check DNS and routing.
dig A acme-v02.api.letsencrypt.org
traceroute -I acme-v02.api.letsencrypt.org

JamesLE · May 4, 2022, 4:55am

We've unblocked your IP address. Sorry about the trouble!

asesistel · May 4, 2022, 6:46am

Thank you for your help, now i was able to generate the certificate

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for correo.naguanaguadigital.com
Performing the following challenges:
http-01 challenge for correo.naguanaguadigital.com
Waiting for verification...
Cleaning up challenges

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/correo.naguanaguadigital.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/correo.naguanaguadigital.com/privkey.pem
This certificate expires on 2022-08-02.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.