I have problem when create/renew SSL with specific IP range

lamnt · January 21, 2021, 8:11am

Hello, i'm using Directadmin to create/renew SSL for my website.

First, my VPS IP is 103.159.52.34, i create a host ntlamnt.tk and point my record A to this IP and when i create SSL for my domain ntlamnt.tk, i got error.
Here is the error link show up: https://acme-v02.api.letsencrypt.org/acme/authz-v3/10236167415

Second, i change my VPS IP to different VLAN: 203.162.51.211, point record A to this IP and i can create SSL for my domain ntlamnt.tk and www.lamnt.tk with no problems:
https://acme-v02.api.letsencrypt.org/acme/authz-v3/10236438223
https://acme-v02.api.letsencrypt.org/acme/authz-v3/10236167416

Finally, i change my VPS IP back to VLAN 103.159.52.x with different IP: 103.159.52.124 for my domain mail.ntlamnt.tk and i got the same problem at from the First:
https://acme-v02.api.letsencrypt.org/acme/authz-v3/10241021174

So, i can not create/renew SSL with this VLAN 103.159.52.x ( any IP from this VLAN not work ), but with VLAN 203.162.51.x, i can create SSL with no problems.

I disabled all firewall in my VPS but still have problems, so how can i check if my IP range is blocked by Let's Encrypt or any connection problems from my VLAN 103.159.52.x to Let's Encrypt server ?

Thank you.

JimPas · January 21, 2021, 8:40am

The 103 block of IPs or a portion of that block may be blocked by China. That could be why you were successful with the 203.162.51.211 and not with the two 103 IPs. You error shows a timeout for the 103 IPs and shows the status of your domain name status as invalid. So there is most likely a firewall blocking the two 103 IP addresses you tried.

Since I'm heading off to bed, maybe someone else will be able to jump in and give you a little more help. If not, I'll be back in a few hours.

lamnt · January 21, 2021, 11:59am

Hello JimPas, thank you for your reply.

So if i was blocked by China, why i cannot connect to Let's Encrypt's servers. Are Let's Encrypt's servers located in China ?

Is there any config that i can change Let's Encrypt' servers to somewhere outside China and I can reissue my SSL again ?

Thank you.

rg305 · January 21, 2021, 2:16pm

If you switch and use DNS validation, your actual IP becomes an non-issue.

system · February 20, 2021, 2:16pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.