I think my IP is blocked

rohigot · January 8, 2023, 12:27am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: phew.pelm.shop (64.93.80.119)

I ran this command: curl -v https://acme-v02.api.letsencrypt.org/

It produced this output:
curl -v https://acme-v02.api.letsencrypt.org/

Trying 172.65.32.248:443...
TCP_NODELAY set
Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
TCP_NODELAY set
Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
TCP_NODELAY set
Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubunut 20.04

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

Bruce5051 · January 8, 2023, 12:39am

Hello @rohigot, welcome to the Let's Encrypt community.

Here is a list of issued certificates crt.sh | phew.pelm.shop, the latest being 2022-12-26.

However Let's Debug is showing an ERROR, results here https://letsdebug.net/phew.pelm.shop/1327327

And here is what I get with curl

$ curl -Ii http://phew.pelm.shop/.well-known/acme-challenge/testfile
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 08 Jan 2023 00:36:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

That is an old version of Certbot; check here Certbot 2.1.0 Release

Bruce5051 · January 8, 2023, 12:46am

I find these results SSL Server Test: phew.pelm.shop (Powered by Qualys SSL Labs), in the HTTP Requests section, odd.
And these results seem off to me as well Check website performance and response: Check host - online website monitoring

petercooperjr · January 8, 2023, 12:48am

Can you access other sites from that server using curl, and just not the Let's Encrypt API? Does it have access to both IPv4 & IPv6?

rohigot · January 8, 2023, 12:55am

root@ubuntu:/etc/letsencrypt/live/phew.nesl.space# curl -v https://youtube.com

Trying 142.250.64.174:443...
TCP_NODELAY set
Connected to youtube.com (142.250.64.174) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations

Yes I can access other sites but can't access to the letsencrypt API. I can'teven ping letsencrypt:

ping acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
^C
--- ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5105ms

Bruce5051 · January 8, 2023, 12:58am

How about?

curl -v https://community.letsencrypt.org/
curl -v https://letsencrypt.org/

rohigot · January 8, 2023, 12:59am

Yes both of them is good. I can connect

Bruce5051 · January 8, 2023, 1:00am

What do you get for results from

curl -4 https://ifconfig.io
curl -6 https://ifconfig.io

and/or

curl -4 https://ifconfig.co
curl -6 https://ifconfig.co

rohigot · January 8, 2023, 1:02am

64.93.80.119

rohigot · January 8, 2023, 1:04am

curl -6 https://ifconfig.io and curl -6 http://ifconfig.co gives this resul
curl: (7) Couldn't connect to server

curl -4 https://ifconfig.co and curl -4 https://ifconfig.co gives this result
64.93.80.119

Bruce5051 · January 8, 2023, 1:07am

OK; so we know you do not have an IPv6 Address.

And nslookup also matches the IPv4 address you supplied.

> set q=a
> phew.pelm.shop
Server:         adelaide.ns.cloudflare.com
Address:        108.162.194.1#53

Name:   phew.pelm.shop
Address: 64.93.80.119
>

Bruce5051 · January 8, 2023, 1:09am

Instead try curl -4 -v https://acme-v02.api.letsencrypt.org/

rg305 · January 8, 2023, 1:12am

What does the routing table look like?:
Show:
netstat -nr

rohigot · January 8, 2023, 1:14am

root@phew:~# curl -4 -v https://acme-v02.api.letsencrypt.org/

Trying 172.65.32.248:443...
TCP_NODELAY set
connect to 172.65.32.248 port 443 failed: Connection timed out
Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out
Closing connection 0
curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out

root@phew:~# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 64.93.80.1 0.0.0.0 UG 0 0 0 eth0
64.93.80.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

rg305 · January 8, 2023, 1:17am

What shows?:
sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org

rohigot · January 8, 2023, 1:18am

root@phew:~# sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 64.93.80.1 (64.93.80.1) 0.268 ms 0.292 ms 0.280 ms
2 172.31.255.0 (172.31.255.0) 0.239 ms 0.278 ms 0.178 ms
3 * * *
4 * * *
5 * * *
...
30 * * *

rg305 · January 8, 2023, 1:18am

What shows?
sudo traceroute -T -p 443 8.8.8.8

rohigot · January 8, 2023, 1:19am

root@phew:~# sudo traceroute -T -p 443 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 64.93.80.1 (64.93.80.1) 0.220 ms 0.225 ms 0.176 ms
2 172.31.255.0 (172.31.255.0) 0.214 ms 0.234 ms 0.137 ms
3 te0-0-0-9.rcr02.b073673-0.mci01.atlas.cogentco.com (38.20.20.65) 1.480 ms 1.396 ms 1.305 ms
4 be2768.ccr22.mci01.atlas.cogentco.com (154.54.88.89) 1.130 ms 1.179 ms be2767.ccr21.mci01.atlas.cogentco.com (154.54.88.85) 0.965 ms
5 be2432.ccr31.dfw01.atlas.cogentco.com (154.54.3.133) 10.983 ms 10.739 ms be2433.ccr32.dfw01.atlas.cogentco.com (154.54.3.213) 10.919 ms
6 be2763.ccr41.dfw03.atlas.cogentco.com (154.54.28.74) 10.955 ms be2764.ccr41.dfw03.atlas.cogentco.com (154.54.47.214) 10.987 ms 10.863 ms
7 tata.dfw03.atlas.cogentco.com (154.54.12.106) 11.103 ms 11.325 ms 10.480 ms
8 66.110.56.139 (66.110.56.139) 10.771 ms 10.635 ms 74.125.50.198 (74.125.50.198) 10.593 ms
9 108.170.240.193 (108.170.240.193) 10.913 ms 108.170.252.161 (108.170.252.161) 11.677 ms *
10 142.250.62.203 (142.250.62.203) 10.571 ms 142.250.62.205 (142.250.62.205) 10.752 ms 10.725 ms
11 dns.google (8.8.8.8) 10.685 ms 10.708 ms 10.789 ms

rg305 · January 8, 2023, 1:20am

Whomever operates 172.31.225.0 [likely your ISP] needs to check their route tables.

rohigot · January 8, 2023, 1:22am

Ok thanks my provider is the problem here. He keeps telling me to upgrade my plan to the managed in order to help to solve this problem. I will contact with them

Thanks again for your help

Topic		Replies	Views
I think my Server IP is blocked or something Help	11	527	September 15, 2023
I think my IP Address is blocked Help	11	723	January 12, 2023
Please check if IP 45.149.128.6 is blocked, please unblock Help	25	2157	January 19, 2022
My IP is blocked Help	4	505	September 3, 2022
Please unblock my IP Address Help	17	956	December 1, 2023

I think my IP is blocked

Related topics