How can I check if my IP is blocked?

I'm using the built-in generator in ISP6.42.1, IP 77.222.42.13
error in log: Type: 'rpc' Object: 'query' Value: 'query: SSL connect error'
url: https://acme-v02.api.letsencrypt.org/acme/acct/354109220

My domain is: matomba.online

root@77-222-42-13:~# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 77-222-55-253.vps-ptr.clients.spaceweb.ru (77.222.55.253) 13.118 ms 13.167 ms 13.196 ms
2 spb-sdn-nr1.nic.ru (31.177.85.164) 0.719 ms 0.800 ms 0.824 ms
3 213.59.214.153 (213.59.214.153) 1.433 ms 1.417 ms 1.425 ms
4 * * *
...
30 * * *

CURL got me this:

root@77-222-42-13:~# curl -vvvv -I -L -k https://acme-v02.api.letsencrypt.org/directory                                                                                                                                     
* Expire in 0 ms for 6 (transfer 0x5611f210ac10)                                                                                                                                                                            
* Expire in 1 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                            
* Expire in 0 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                            
...
* Expire in 8 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                            
* Expire in 7 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                            
* Expire in 7 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                            
* Expire in 8 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                            
* Expire in 8 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                            
* Expire in 8 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                            
* Expire in 10 ms for 1 (transfer 0x5611f210ac10)                                                                                                                                                                           
*   Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...                                                                                                                                                                            
* TCP_NODELAY set                                                                                                                                                                                                           
* Expire in 149984 ms for 3 (transfer 0x5611f210ac10)                                                                                                                                                                       
* Expire in 200 ms for 4 (transfer 0x5611f210ac10)                                                                                                                                                                          
* Connected to acme-v02.api.letsencrypt.org (2606:4700:60:0:f53d:5624:85c7:3a2c) port 443 (#0)                                                                                                                              
* ALPN, offering h2                                                                                                                                                                                                         
* ALPN, offering http/1.1                                                                                                                                                                                                   
* successfully set certificate verify locations:                                                                                                                                                                            
*   CAfile: none                                                                                                                                                                                                            
  CApath: /etc/ssl/certs                                                                                                                                                                                                    
* TLSv1.3 (OUT), TLS handshake, Client hello (1):                                                                                                                                                                           
* TLSv1.3 (IN), TLS handshake, Server hello (2):                                                                                                                                                                            
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):                                                                                                                                                                    
* TLSv1.3 (IN), TLS handshake, Certificate (11):                                                                                                                                                                            
* TLSv1.3 (IN), TLS handshake, CERT verify (15):                                                                                                                                                                            
* TLSv1.3 (IN), TLS handshake, Finished (20):                                                                                                                                                                               
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):                                                                                                                                                                 
* TLSv1.3 (OUT), TLS handshake, Finished (20):                                                                                                                                                                              
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384                                                                                                                                                                     
* ALPN, server accepted to use h2                                                                                                                                                                                           
* Server certificate:                                                                                                                                                                                                       
*  subject: CN=acme-v02.api.letsencrypt.org                                                                                                                                                                                 
*  start date: Feb 25 15:53:24 2022 GMT                                                                                                                                                                                     
*  expire date: May 26 15:53:23 2022 GMT                                                                                                                                                                                    
*  issuer: C=US; O=Let's Encrypt; CN=R3                                                                                                                                                                                     
*  SSL certificate verify ok.                                                                                                                                                                                               
* Using HTTP2, server supports multi-use                                                                                                                                                                                    
* Connection state changed (HTTP/2 confirmed)                                                                                                                                                                               
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0                                                                                                                                            
* Using Stream ID: 1 (easy handle 0x5611f210ac10)                                                                                                                                                                           
> HEAD /directory HTTP/2                                                                                                                                                                                                    
> Host: acme-v02.api.letsencrypt.org                                                                                                                                                                                        
> User-Agent: curl/7.64.0                                                                                                                                                                                                   
> Accept: */*                                                                                                                                                                                                               
>                                                                                                                                                                                                                           
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):                                                                                                                                                                       
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):                                                                                                                                                                       
* old SSL session ID is stale, removing                                                                                                                                                                                     
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!                                                                                                                                                                 
< HTTP/2 200                                                                                                                                                                                                                
HTTP/2 200                                                                                                                                                                                                                  
< server: nginx                                                                                                                                                                                                             
server: nginx                                                                                                                                                                                                               
< date: Mon, 14 Mar 2022 21:10:26 GMT                                                                                                                                                                                       
date: Mon, 14 Mar 2022 21:10:26 GMT                                                                                                                                                                                         
< content-type: application/json                                                                                                                                                                                            
content-type: application/json                                                                                                                                                                                              
< content-length: 658                                                                                                                                                                                                       
content-length: 658                                                                                                                                                                                                         
< cache-control: public, max-age=0, no-cache                                                                                                                                                                                
cache-control: public, max-age=0, no-cache                                                                                                                                                                                  
< replay-nonce: 0102fGV7nVkXWAk4HR-IJahdpGwUiQp86kPFtGH4Vft8sHQ                                                                                                                                                             
replay-nonce: 0102fGV7nVkXWAk4HR-IJahdpGwUiQp86kPFtGH4Vft8sHQ                                                                                                                                                               
< x-frame-options: DENY                                                                                                                                                                                                     
x-frame-options: DENY                                                                                                                                                                                                       
< strict-transport-security: max-age=604800                                                                                                                                                                                 
strict-transport-security: max-age=604800                                                                                                                                                                                   
                                                                                                                                                                                                                            
<                                                                                                                                                                                                                           
* Connection #0 to host acme-v02.api.letsencrypt.org left intact                                                                                                                                                            
root@77-222-42-13:~#         

versions of OpenSSL and curl

root@77-222-42-13:~# curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

1 Like

Hi @rosssaris, and welcome to the LE community forum :)

Curl shows IPv6:

traceroute shows IPv4:

Something's not quite in sync.

2 Likes

Try:
curl -4L https://acme-v02.api.letsencrypt.org/directory

2 Likes

root@77-222-42-13:~# curl -4L https://acme-v02.api.letsencrypt.org/directory
{
"MCFpsqZk8DQ": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}root@77-222-42-13:~#

1 Like

That IP(v4) address isn't being blocked.

Try:
curl -6L https://acme-v02.api.letsencrypt.org/directory

2 Likes

Any thoughts on what exactly needs to be done? Already on the verge of a nervous breakdown ((

1 Like
Breathe
B r e a t h e
B  r  e  a  t  h  e
3 Likes

One step at a time.

2 Likes

root@77-222-42-13:~# curl -6L https://acme-v02.api.letsencrypt.org/directory
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443

That should have been more like:

curl -6L https://acme-v02.api.letsencrypt.org/directory
{
  "92tr4EBHzs4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}

2 Likes

So, we might have an IPv6 problem.
[NOTED]

Now what actually brings you here?
[the blocked IP is you guessing at why something else failed]

3 Likes

And how to win it?

1 Like

I issue/reissue 6-7 certificates per day(

1 Like

root@77-222-42-13:~# curl -6L https://acme-v02.api.letsencrypt.org/directory
{
"6hSM4jR48vM": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}

Now I did manage to get an answer, but when the command is repeated, it is unavailable again(

1 Like

I'd guess you are encountering some variation of blocking for Russian Federation internet traffic. See also VPN.

4 Likes

Certificates are issued through the hoster's personal account; they fail to work only with ispmanager. There are no locks.

1 Like

Solved the problem. I had to delete ipv6. There are no other ways to configure certificate receipt via ipv4 in ispmanager!

2 Likes
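
Added example, not part of any post in this thread: a POSIX shell sketch that repeats the thread's `curl -4` / `curl -6` checks against the ACME directory several times and summarises the result per address family, so an intermittent IPv6 failure like the one above is distinguished from a blocked IPv4 address. The function names `probe` and `summarise`, the verdict strings and the sample lines are assumptions made for this example; the sample input is constructed to mirror the outputs posted above.

```shell
#!/bin/sh
# Added example: per-address-family reachability check for the ACME directory.
URL="https://acme-v02.api.letsencrypt.org/directory"   # endpoint used in the thread

# probe FAMILY(4|6) COUNT
# Prints one line per attempt: "<family> <http_code> <curl_exit_code>".
# A failed connection shows as http_code 000 with a non-zero exit (35 in the thread).
probe() {
  fam=$1
  left=$2
  while [ "$left" -gt 0 ]; do
    code=$(curl "-$fam" -s -o /dev/null --max-time 10 -w '%{http_code}' "$URL")
    rc=$?
    echo "$fam ${code:-000} $rc"
    left=$((left - 1))
    sleep 1
  done
}

# summarise: reads probe lines on stdin and prints
# "v4=<ok>/<total> v6=<ok>/<total> verdict=<label>" (labels are this example's own).
summarise() {
  awk '
    $1 == 4 || $1 == 6 { total[$1]++; if ($2 == 200 && $3 == 0) ok[$1]++ }
    function state(f) {
      if (total[f] == 0) return "untested"
      if (ok[f] == total[f]) return "ok"
      if (ok[f] == 0) return "down"
      return "flaky"          # some attempts succeed, some fail
    }
    END {
      s4 = state(4); s6 = state(6)
      if (s4 == "ok" && s6 == "ok") v = "both-ok"
      else if (s4 == "ok") v = "ipv6-path-" s6
      else if (s6 == "ok") v = "ipv4-path-" s4
      else v = "both-impaired"
      printf "v4=%d/%d v6=%d/%d verdict=%s\n", ok[4], total[4], ok[6], total[6], v
    }'
}

# Constructed sample: IPv4 always answers, IPv6 answers once and fails twice with exit 35.
SAMPLE='4 200 0
4 200 0
4 200 0
6 000 35
6 200 0
6 000 35'

if [ "${1:-}" = "--live" ]; then
  { probe 4 5; probe 6 5; } | summarise     # real network probes
else
  printf '%s\n' "$SAMPLE" | summarise       # offline demo on the constructed sample
fi
```

Run with `--live` on the affected host to probe the real endpoint; a verdict of `ipv6-path-flaky` or `ipv6-path-down` with `v4` fully successful points at the host's IPv6 connectivity rather than at a block on the IPv4 address.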
