I think my IP is blocked

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: phew.pelm.shop (64.93.80.119)

I ran this command: curl -v https://acme-v02.api.letsencrypt.org/

It produced this output:
curl -v https://acme-v02.api.letsencrypt.org/

* Trying 172.65.32.248:443...
* TCP_NODELAY set
* Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
* Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 20.04

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

Hello @rohigot, welcome to the Let's Encrypt community.

Here is a list of issued certificates crt.sh | phew.pelm.shop, the latest being 2022-12-26.

However Let's Debug is showing an ERROR, results here https://letsdebug.net/phew.pelm.shop/1327327

And here is what I get with curl

$ curl -Ii http://phew.pelm.shop/.well-known/acme-challenge/testfile
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 08 Jan 2023 00:36:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

That is an old version of Certbot; check here Certbot 2.1.0 Release


I find these results SSL Server Test: phew.pelm.shop (Powered by Qualys SSL Labs), in the HTTP Requests section, odd.
And these results seem off to me as well Check website performance and response: Check host - online website monitoring


Can you access other sites from that server using curl, and just not the Let's Encrypt API? Does it have access to both IPv4 & IPv6?


root@ubuntu:/etc/letsencrypt/live/phew.nesl.space# curl -v https://youtube.com

* Trying 142.250.64.174:443...
* TCP_NODELAY set
* Connected to youtube.com (142.250.64.174) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations

Yes, I can access other sites but can't access the letsencrypt API. I can't even ping letsencrypt:

ping acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
^C
--- ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5105ms

How about?

curl -v https://community.letsencrypt.org/
curl -v https://letsencrypt.org/

Yes, both of them are good. I can connect.

What do you get for results from

curl -4 https://ifconfig.io
curl -6 https://ifconfig.io

and/or

curl -4 https://ifconfig.co
curl -6 https://ifconfig.co

64.93.80.119

curl -6 https://ifconfig.io and curl -6 http://ifconfig.co give this result:
curl: (7) Couldn't connect to server

curl -4 https://ifconfig.co and curl -4 https://ifconfig.co give this result:
64.93.80.119


OK; so we know you do not have an IPv6 Address.

And nslookup also matches the IPv4 address you supplied.

> set q=a
> phew.pelm.shop
Server:         adelaide.ns.cloudflare.com
Address:        108.162.194.1#53

Name:   phew.pelm.shop
Address: 64.93.80.119
>

Instead try curl -4 -v https://acme-v02.api.letsencrypt.org/


What does the routing table look like?:
Show:
netstat -nr


root@phew:~# curl -4 -v https://acme-v02.api.letsencrypt.org/

* Trying 172.65.32.248:443...
* TCP_NODELAY set
* connect to 172.65.32.248 port 443 failed: Connection timed out
* Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out

root@phew:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         64.93.80.1      0.0.0.0         UG        0 0          0 eth0
64.93.80.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0

What shows?:
sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org


root@phew:~# sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 64.93.80.1 (64.93.80.1) 0.268 ms 0.292 ms 0.280 ms
2 172.31.255.0 (172.31.255.0) 0.239 ms 0.278 ms 0.178 ms
3 * * *
4 * * *
5 * * *
...
30 * * *

What shows?
sudo traceroute -T -p 443 8.8.8.8


root@phew:~# sudo traceroute -T -p 443 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 64.93.80.1 (64.93.80.1) 0.220 ms 0.225 ms 0.176 ms
2 172.31.255.0 (172.31.255.0) 0.214 ms 0.234 ms 0.137 ms
3 te0-0-0-9.rcr02.b073673-0.mci01.atlas.cogentco.com (38.20.20.65) 1.480 ms 1.396 ms 1.305 ms
4 be2768.ccr22.mci01.atlas.cogentco.com (154.54.88.89) 1.130 ms 1.179 ms be2767.ccr21.mci01.atlas.cogentco.com (154.54.88.85) 0.965 ms
5 be2432.ccr31.dfw01.atlas.cogentco.com (154.54.3.133) 10.983 ms 10.739 ms be2433.ccr32.dfw01.atlas.cogentco.com (154.54.3.213) 10.919 ms
6 be2763.ccr41.dfw03.atlas.cogentco.com (154.54.28.74) 10.955 ms be2764.ccr41.dfw03.atlas.cogentco.com (154.54.47.214) 10.987 ms 10.863 ms
7 tata.dfw03.atlas.cogentco.com (154.54.12.106) 11.103 ms 11.325 ms 10.480 ms
8 66.110.56.139 (66.110.56.139) 10.771 ms 10.635 ms 74.125.50.198 (74.125.50.198) 10.593 ms
9 108.170.240.193 (108.170.240.193) 10.913 ms 108.170.252.161 (108.170.252.161) 11.677 ms *
10 142.250.62.203 (142.250.62.203) 10.571 ms 142.250.62.205 (142.250.62.205) 10.752 ms 10.725 ms
11 dns.google (8.8.8.8) 10.685 ms 10.708 ms 10.789 ms

Whoever operates 172.31.225.0 [likely your ISP] needs to check their route tables.

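The comparison made in the posts above (a TCP traceroute to the ACME endpoint set against one to a control destination), as an added example that is not part of the original thread: it parses both outputs and reports the last hop that answered on the failing path and whether the working path continues through that same hop. The function names are hypothetical, and the sample inputs are trimmed copies of the two traceroutes posted in the thread.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
DEST_RE = re.compile(r"^traceroute to \S+ \(([\d.]+)\)", re.M)

def parse_traceroute(text):
    """Return {ttl: [responding IPs]}; a hop of only '*' maps to []."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops[int(m.group(1))] = IP_RE.findall(m.group(2))
    return hops

def compare_paths(failing_text, control_text):
    """Locate where the failing path goes silent relative to a working one."""
    failing, control = parse_traceroute(failing_text), parse_traceroute(control_text)
    answered = [(ttl, ips[0]) for ttl, ips in sorted(failing.items()) if ips]
    if not answered:
        return {"last_hop": None, "ttl": None, "verdict": "no hop answered"}
    ttl, ip = answered[-1]
    dest = DEST_RE.search(failing_text)
    if dest and dest.group(1) == ip:
        verdict = "destination reached"
    elif ip in control.get(ttl, []) and any(control[t] for t in control if t > ttl):
        # The same hop forwards the control traffic, so the loss is specific to
        # this destination: routing or filtering at or just beyond this hop.
        verdict = "destination-specific drop at or after this hop"
    else:
        verdict = "inconclusive"
    return {"last_hop": ip, "ttl": ttl, "verdict": verdict}

# Trimmed copies of the two traceroutes posted in the thread.
FAILING = """traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 64.93.80.1 (64.93.80.1) 0.268 ms 0.292 ms 0.280 ms
2 172.31.255.0 (172.31.255.0) 0.239 ms 0.278 ms 0.178 ms
3 * * *
4 * * *
30 * * *"""
CONTROL = """traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 64.93.80.1 (64.93.80.1) 0.220 ms 0.225 ms 0.176 ms
2 172.31.255.0 (172.31.255.0) 0.214 ms 0.234 ms 0.137 ms
3 te0-0-0-9.rcr02.b073673-0.mci01.atlas.cogentco.com (38.20.20.65) 1.480 ms 1.396 ms 1.305 ms
11 dns.google (8.8.8.8) 10.685 ms 10.708 ms 10.789 ms"""

if __name__ == "__main__":
    print(compare_paths(FAILING, CONTROL))
```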

OK, thanks, my provider is the problem here. He keeps telling me to upgrade my plan to the managed one in order to help solve this problem. I will contact them.

Thanks again for your help
