I believe my IP has been blocked

My domain is: aniversario2023.supermercadovioleta.com.br

I ran this command: certbot --nginx -d aniversario2023.supermercadovioleta.com.br

It produced this output:

An unexpected error occurred:
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
nginx version: nginx/1.22.1

The operating system my web server runs on is (include version):
Alma Linux 8

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0

ping acme-v02.api.letsencrypt.org

PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
From violeta.supermercadovioleta.com.br (172.20.60.107) icmp_seq=1 Destination Host Unreachable
From violeta.supermercadovioleta.com.br (172.20.60.107) icmp_seq=2 Destination Host Unreachable
From violeta.supermercadovioleta.com.br (172.20.60.107) icmp_seq=3 Destination Host Unreachable
^C
--- ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5160ms

curl -vvvv -I -L -k https://acme-v02.api.letsencrypt.org/directory

  • Trying 172.65.32.248...
  • TCP_NODELAY set
  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
  • TCP_NODELAY set
  • Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
  • TCP_NODELAY set
  • Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
  • connect to 172.65.32.248 port 443 failed: No route to host
  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
  • TCP_NODELAY set
  • Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
  • TCP_NODELAY set
  • Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
  • Failed to connect to acme-v02.api.letsencrypt.org port 443: No route to host
  • Closing connection 0
    curl: (7) Failed to connect to acme-v02.api.letsencrypt.org port 443: No route to host

Your IPv6 seems to be broken.

3 Likes

We do not use IPV6.

Our other servers work without problems.

Well, your server seems to think that it does use IPv6. So you either need to fix the IPv6 connectivity, or fix whatever configuration on the server made it try to route using IPv6 when it doesn't have any routes for it that work.

6 Likes

This is an IPv6 address:

2 Likes

I believe this is not the case, as the first attempt occurs in IPv4.

Anyway, I disabled it.

sysctl -w net.ipv6.conf.all.disable_ipv6=1

net.ipv6.conf.all.disable_ipv6 = 1

but the error still persists

curl tries both IPv4 and IPv6 at the same time and just sees which protocol answers first. Where an error from the IP stack is also an "answer", resulting in curl also erroring out.

What error do you get now and what does the curl test show after disabling IPv6?

2 Likes

curl -vvvv -I -L -k https://acme-v02.api.letsencrypt.org/directory

  • Trying 172.65.32.248...
  • TCP_NODELAY set
  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
  • TCP_NODELAY set
  • Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Cannot assign requested address
  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
  • TCP_NODELAY set
  • Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Cannot assign requested address
  • connect to 172.65.32.248 port 443 failed: No route to host
  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
  • TCP_NODELAY set
  • Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Cannot assign requested address
  • Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
  • TCP_NODELAY set
  • Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Cannot assign requested address
  • Failed to connect to acme-v02.api.letsencrypt.org port 443: No route to host
  • Closing connection 0
    curl: (7) Failed to connect to acme-v02.api.letsencrypt.org port 443: No route to host

It started working again without me doing absolutely anything.

ping acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=1 ttl=56 time=1.63 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=2 ttl=56 time=1.75 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=3 ttl=56 time=1.91 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=4 ttl=56 time=2.06 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=5 ttl=56 time=1.67 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=6 ttl=56 time=1.65 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=7 ttl=56 time=1.66 ms

Hmkay, still trying to connect to IPv6. Maybe a caching issue with curl, I believe curl does that.

Previously, your ping also only tried IPv4?

I see now that IPv4 also did not work, missed that earlier. Weird. Temporary network issue I guess.

2 Likes

Very strange,

I believe it was something temporary. I appreciate everyone's availability.

3 Likes

Is that still the case?
[that should never happen]

2 Likes

The online tool Let's Debug is presently showing OK.
https://letsdebug.net/aniversario2023.supermercadovioleta.com.br/1615182

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.