I cannot obtain ssl certificate on my nginx web server

Help
21

root@ip-10-0-0-160:/home/ubuntu# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.0.129 0.0.0.0 UG 0 0 0 eth0
10.0.0.2 10.0.0.129 255.255.255.255 UGH 0 0 0 eth0
10.0.0.128 0.0.0.0 255.255.255.128 U 0 0 0 eth0
10.0.0.129 0.0.0.0 255.255.255.255 UH 0 0 0 eth0

22

Try again [with the added parameters]:

traceroute -T -p 443 acme-v02.api.letsencrypt.org

2 Likes
23

yes, given you the response above

24

No.
You did not include the:

-T -p 443

[read carefully OR just copy/paste]

1 Like
25

I did include it

26 
traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets

 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
27

It is hard to see ...
When you don't show the command you ran :frowning:

2 Likes
28

OK.... I see it in the edit now.
Then your firewall is blocking that IP [OR more likely network / range].

2 Likes
29

but it gets to most other websites. I dont think its my firewall

30

Show:
traceroute -T -p 443 172.65.32.0
traceroute -T -p 443 172.65.0.0
traceroute -T -p 443 172.0.0.0

2 Likes
31

Most other websites are NOT in 172.0.0.0/10.

3 Likes
32

it gets to cnn.com, bbc.com, google.com

33 
Name:      cnn.com
Addresses: 2a04:4e42::773
           2a04:4e42:800::773
           2a04:4e42:a00::773
           2a04:4e42:600::773
           2a04:4e42:c00::773
           2a04:4e42:400::773
           2a04:4e42:e00::773
           2a04:4e42:200::773
           151.101.67.5
           151.101.3.5
           151.101.131.5
           151.101.195.5

Name:      bbc.com
Addresses: 2a04:4e42::81
           2a04:4e42:400::81
           2a04:4e42:200::81
           2a04:4e42:600::81
           151.101.0.81
           151.101.192.81
           151.101.128.81
           151.101.64.81

Name:      google.com
Addresses: 2607:f8b0:4008:801::200e
           142.250.64.174
3 Likes
34

None are in 172.anything.

3 Likes
35

Shall we continue?

3 Likes
36

which 172 block should i add to my route table;

37

None.

If you want to continue, then...
Show these:
traceroute -m 5 -T -p 443 172.65.32.0
traceroute -m 5 -T -p 443 172.65.0.0
traceroute -m 5 -T -p 443 172.0.0.0

and for comparison:
traceroute -m 5 -T -p 443 cnn.com

3 Likes
38

it works now, thanks
I had 172.0.0.0/8 going to a vpn

1 Like
39

BINGO!

Glad I could help.
Cheers from Miami :beers:

3 Likes
40

You really made my day

3 Likes