I cannot obtain ssl certificate on my nginx web server

Bolatan · April 11, 2023, 1:07am

root@ip-10-0-0-160:/home/ubuntu# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.0.129 0.0.0.0 UG 0 0 0 eth0
10.0.0.2 10.0.0.129 255.255.255.255 UGH 0 0 0 eth0
10.0.0.128 0.0.0.0 255.255.255.128 U 0 0 0 eth0
10.0.0.129 0.0.0.0 255.255.255.255 UH 0 0 0 eth0

rg305 · April 11, 2023, 1:08am

Try again [with the added parameters]:

traceroute -T -p 443 acme-v02.api.letsencrypt.org

Bolatan · April 11, 2023, 1:09am

yes, given you the response above

rg305 · April 11, 2023, 1:09am

No.
You did not include the:

-T -p 443

[read carefully OR just copy/paste]

Bolatan · April 11, 2023, 1:10am

I did include it

Bolatan · April 11, 2023, 1:10am

traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets

 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

rg305 · April 11, 2023, 1:11am

It is hard to see ...
When you don't show the command you ran

rg305 · April 11, 2023, 1:11am

OK.... I see it in the edit now.
Then your firewall is blocking that IP [OR more likely network / range].

Bolatan · April 11, 2023, 1:12am

but it gets to most other websites. I dont think its my firewall

rg305 · April 11, 2023, 1:13am

Show:
traceroute -T -p 443 172.65.32.0
traceroute -T -p 443 172.65.0.0
traceroute -T -p 443 172.0.0.0

rg305 · April 11, 2023, 1:14am

Most other websites are NOT in 172.0.0.0/10.

Bolatan · April 11, 2023, 1:14am

it gets to cnn.com, bbc.com, google.com

rg305 · April 11, 2023, 1:15am

Name:      cnn.com
Addresses: 2a04:4e42::773
           2a04:4e42:800::773
           2a04:4e42:a00::773
           2a04:4e42:600::773
           2a04:4e42:c00::773
           2a04:4e42:400::773
           2a04:4e42:e00::773
           2a04:4e42:200::773
           151.101.67.5
           151.101.3.5
           151.101.131.5
           151.101.195.5

Name:      bbc.com
Addresses: 2a04:4e42::81
           2a04:4e42:400::81
           2a04:4e42:200::81
           2a04:4e42:600::81
           151.101.0.81
           151.101.192.81
           151.101.128.81
           151.101.64.81

Name:      google.com
Addresses: 2607:f8b0:4008:801::200e
           142.250.64.174

rg305 · April 11, 2023, 1:15am

None are in 172.anything.

rg305 · April 11, 2023, 1:17am

Shall we continue?

Bolatan · April 11, 2023, 1:19am

which 172 block should i add to my route table;

rg305 · April 11, 2023, 1:21am

None.

If you want to continue, then...
Show these:
traceroute -m 5 -T -p 443 172.65.32.0
traceroute -m 5 -T -p 443 172.65.0.0
traceroute -m 5 -T -p 443 172.0.0.0

and for comparison:
traceroute -m 5 -T -p 443 cnn.com

Bolatan · April 11, 2023, 1:29am

it works now, thanks
I had 172.0.0.0/8 going to a vpn

rg305 · April 11, 2023, 1:30am

BINGO!

Glad I could help.
Cheers from Miami

Bolatan · April 11, 2023, 1:30am

You really made my day