I'm getting Network Unreachable

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: timesheet.mantuaservices.com

I ran this command: curl -v https://acme-v02.api.letsencrypt.org/directory

It produced this output:

root@ip-172-65-14-72:/home/frappe/frappe-bench/frappe-bench# curl -v https://acme-v02.api.letsencrypt.org/directory
*   Trying
*   Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
* Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable

* connect to port 443 failed: Connection timed out
* Failed to connect to acme-v02.api.letsencrypt.org port 443 after 129723 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443 after 129723 ms: Connection timed out

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04.3 LTS (GNU/Linux 6.2.0-1013-aws x86_64)

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.1

Here are my routes too:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface         UG    100    0        0 ens5   U     100    0        0 ens5 UH    100    0        0 ens5 UH    100    0        0 ens5

Is that the IP range of your internal network? :thinking:


You are using a network that is to be found on the Internet.
Stay within RFC 1918 address spaces:


Well, there seem to be two problems.

  1. Using public IPv4 space as a private network (and therefore not being able to connect to that part of the public Internet).
  2. Not being able to access the IPv6 Internet at all, when it seems like the server thinks that it should be able to. (Or is that the error one would get even with a server that doesn't think it has IPv6 access at all?)

Fixing either one of those would allow for connecting to Let's Encrypt's servers, but ideally both would be fixed.


Thanks for the help guys!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.