Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: phew.pelm.shop (64.93.80.119)
I ran this command: curl -v https://acme-v02.api.letsencrypt.org/
It produced this output:
curl -v https://acme-v02.api.letsencrypt.org/
Trying 172.65.32.248:443...
TCP_NODELAY set
Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
TCP_NODELAY set
Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
TCP_NODELAY set
Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 20.04
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0
Hello @rohigot, welcome to the Let's Encrypt community.
Here is a list of issued certificates crt.sh | phew.pelm.shop, the latest being 2022-12-26.
However Let's Debug is showing an ERROR, results here https://letsdebug.net/phew.pelm.shop/1327327
And here is what I get with curl
$ curl -Ii http://phew.pelm.shop/.well-known/acme-challenge/testfile
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 08 Jan 2023 00:36:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
rohigot:
certbot 0.40.0
That is an old version of Certbot; check here Certbot 2.1.0 Release
Can you access other sites from that server using curl, and just not the Let's Encrypt API? Does it have access to both IPv4 & IPv6?
root@ubuntu:/etc/letsencrypt/live/phew.nesl.space# curl -v https://youtube.com
Trying 142.250.64.174:443...
TCP_NODELAY set
Connected to youtube.com (142.250.64.174) port 443 (#0 )
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations
Yes, I can access other sites but can't access the letsencrypt API. I can't even ping letsencrypt:
ping acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
^C
--- ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5105ms
How about?
curl -v https://community.letsencrypt.org/
curl -v https://letsencrypt.org/
Yes, both of them are good. I can connect.
What do you get for results from
curl -4 https://ifconfig.io
curl -6 https://ifconfig.io
and/or
curl -4 https://ifconfig.co
curl -6 https://ifconfig.co
curl -6 https://ifconfig.io and curl -6 http://ifconfig.co give this result
curl: (7) Couldn't connect to server
curl -4 https://ifconfig.co and curl -4 https://ifconfig.co gives this result
64.93.80.119
OK; so we know you do not have an IPv6 Address.
And nslookup also matches the IPv4 address you supplied.
> set q=a
> phew.pelm.shop
Server: adelaide.ns.cloudflare.com
Address: 108.162.194.1#53
Name: phew.pelm.shop
Address: 64.93.80.119
>
Instead try curl -4 -v https://acme-v02.api.letsencrypt.org/
rg305
January 8, 2023, 1:12am
14
What does the routing table look like?:
Show:
netstat -nr
root@phew:~# curl -4 -v https://acme-v02.api.letsencrypt.org/
Trying 172.65.32.248:443...
TCP_NODELAY set
connect to 172.65.32.248 port 443 failed: Connection timed out
Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out
Closing connection 0
curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out
root@phew:~# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 64.93.80.1 0.0.0.0 UG 0 0 0 eth0
64.93.80.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
rg305
January 8, 2023, 1:17am
16
What shows?:
sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org
root@phew:~# sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 64.93.80.1 (64.93.80.1) 0.268 ms 0.292 ms 0.280 ms
2 172.31.255.0 (172.31.255.0) 0.239 ms 0.278 ms 0.178 ms
3 * * *
4 * * *
5 * * *
...
30 * * *
rg305
January 8, 2023, 1:18am
18
What shows?
sudo traceroute -T -p 443 8.8.8.8
root@phew:~# sudo traceroute -T -p 443 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 64.93.80.1 (64.93.80.1) 0.220 ms 0.225 ms 0.176 ms
2 172.31.255.0 (172.31.255.0) 0.214 ms 0.234 ms 0.137 ms
3 te0-0-0-9.rcr02.b073673-0.mci01.atlas.cogentco.com (38.20.20.65) 1.480 ms 1.396 ms 1.305 ms
4 be2768.ccr22.mci01.atlas.cogentco.com (154.54.88.89) 1.130 ms 1.179 ms be2767.ccr21.mci01.atlas.cogentco.com (154.54.88.85) 0.965 ms
5 be2432.ccr31.dfw01.atlas.cogentco.com (154.54.3.133) 10.983 ms 10.739 ms be2433.ccr32.dfw01.atlas.cogentco.com (154.54.3.213) 10.919 ms
6 be2763.ccr41.dfw03.atlas.cogentco.com (154.54.28.74) 10.955 ms be2764.ccr41.dfw03.atlas.cogentco.com (154.54.47.214) 10.987 ms 10.863 ms
7 tata.dfw03.atlas.cogentco.com (154.54.12.106) 11.103 ms 11.325 ms 10.480 ms
8 66.110.56.139 (66.110.56.139) 10.771 ms 10.635 ms 74.125.50.198 (74.125.50.198) 10.593 ms
9 108.170.240.193 (108.170.240.193) 10.913 ms 108.170.252.161 (108.170.252.161) 11.677 ms *
10 142.250.62.203 (142.250.62.203) 10.571 ms 142.250.62.205 (142.250.62.205) 10.752 ms 10.725 ms
11 dns.google (8.8.8.8) 10.685 ms 10.708 ms 10.789 ms
rg305
January 8, 2023, 1:20am
20
Whoever operates 172.31.225.0 [likely your ISP] needs to check their route tables.
Ok, thanks, my provider is the problem here. He keeps telling me to upgrade my plan to the managed in order to help solve this problem. I will contact them.
Thanks again for your help
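The comparison made in this thread (a TCP traceroute that dies next to one that completes from the same host), as an added example that is not part of the original posts: it parses both outputs and reports the last hop that answered on the failing path. The function names are hypothetical, the sample inputs are abbreviated from the outputs posted above, and the parser assumes traceroute was run without `-n` so responder addresses appear in parentheses.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S.*)$")
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Abbreviated copies of the two traceroute outputs posted in the thread.
FAILING = """\
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
 1  64.93.80.1 (64.93.80.1)  0.268 ms  0.292 ms  0.280 ms
 2  172.31.255.0 (172.31.255.0)  0.239 ms  0.278 ms  0.178 ms
 3  * * *
 4  * * *
"""
WORKING = """\
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  64.93.80.1 (64.93.80.1)  0.220 ms  0.225 ms  0.176 ms
 2  172.31.255.0 (172.31.255.0)  0.214 ms  0.234 ms  0.137 ms
 3  te0-0-0-9.rcr02.b073673-0.mci01.atlas.cogentco.com (38.20.20.65)  1.480 ms
 11  dns.google (8.8.8.8)  10.685 ms  10.708 ms  10.789 ms
"""

def parse(text):
    """Return (destination_ip, {hop_number: set of responder IPs})."""
    lines = text.splitlines()
    dest = IP_RE.search(lines[0]).group(1)  # address in the header line
    hops = {}
    for line in lines[1:]:
        m = HOP_RE.match(line)
        if m:  # skips blank lines and a "..." elision
            hops[int(m.group(1))] = set(IP_RE.findall(m.group(2)))
    return dest, hops

def last_responder(hops):
    """Highest hop number that returned any reply, or None if all timed out."""
    answered = [n for n, ips in hops.items() if ips]
    return max(answered) if answered else None

def diagnose(failing, working):
    """Compare a trace that dies with one that completes from the same host."""
    f_dest, f_hops = parse(failing)
    w_dest, w_hops = parse(working)
    last = last_responder(f_hops)
    # Hops where both traces got a reply from the same router.
    shared = [n for n in sorted(f_hops) if f_hops[n] & w_hops.get(n, set())]
    return {
        "failing_reached": last is not None and f_dest in f_hops[last],
        "working_reached": any(w_dest in ips for ips in w_hops.values()),
        "last_hop": last,
        "last_responder": sorted(f_hops[last]) if last else [],
        "shared_hops": shared,
    }

if __name__ == "__main__":
    print(diagnose(FAILING, WORKING))
```

Replies from hops 1 and 2 on both paths show the probes leave the host, so the loss toward 172.65.32.248 occurs beyond the last shared hop rather than on the server itself.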