IP Blocked. Error code:403

We have many sites on one IP. At the time of transferring from one IP to another IP, I started generating certificates without completely transferring all sites to a new IP and as a result, all new requests gave an error: return code: 403 Details: Invalid response from http://zhk-vyshe.ru/.well-known/acme-challenge/gKgqanU3c-lhpDTR-7XRjlaQNK3_B-Bso-F5FlJ5Ig8 []: "\r\n\r\n\r\n\t\r\n\t\r\n\t

I deleted all redundant certificates and completed the transfer of sites to a new IP (

Could you please unblock our IP address

My domain is: zhk-vyshe.ru

My hosting provider: ihc.ru

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISPManager

Hi @elfka333

I don't think there is an ip blocked.

If you want to create a certificate running a Letsencrypt client on the ip 37., but the domain A record has 46., then you see that error message.

So if the transfer is now complete, start to create new certificates.

zhk-vyshe.ru has no certificate, not old, not new.

1 Like

Yes, but now when creating a new certificate, I just get a message: The process of obtaining a certificate has begun. And that’s all, nothing else is happening.

Then your client is buggy.

Your configuration looks ok - https://check-your-website.server-daten.de/?q=zhk-vyshe.ru

Domainname Http-Status redirect Sec. G
http://www.zhk-vyshe.ru/ 301 http://zhk-vyshe.ru/ 0.483 D
http://zhk-vyshe.ru/ 200 0.830 H
https://www.zhk-vyshe.ru/ 301 https://zhk-vyshe.ru/ 3.760 N
Certificate error: RemoteCertificateNameMismatch
https://zhk-vyshe.ru/ 200 4.013 N
Certificate error: RemoteCertificateNameMismatch
http://zhk-vyshe.ru/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 0.123 A
Not Found
Visible Content: 404 Not Found nginx/1.12.2
http://www.zhk-vyshe.ru/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 0.127 A
Not Found
Visible Content: 404 Not Found nginx/1.12.2

Port 80 is open and answers.

Perhaps your ISPManager has a wrong / incomplete configuration.


Before this error occurred, I generated 50 certificates. They quickly formed and work. And now, after this error, I can not generate certificates.

1 Like

Hi @elfka333,

Let’s Encrypt does not have an IP block for any of the IP addresses listed in previous comments. From our edge perspectives I am able to successfully traceroute to your domain.

1 Like

Exact 50? Sounds like a limitation of that ISPManager.

There is a limit of max. 50 certificates per domain per week. But if you have different domains, that's not a problem.

Isn't there an additional log? So you can find a more specific error message?

50 certificates for different domains.

Today at 16:30:08 the status appeared. The process of obtaining a certificate has begun. And no more changes.
Technical support writes - “CSR generated and sent. There is no response from the certification authority yet. We must expect an answer from them.”


According to logs, the last validation attempt for www.zhk-vyshe.ru happened on July 11th, 2019 and each attempt that day did not succeed. I also do not see any previous certificate issuances from any CA according to https://crt.sh/?q=www.zhk-vyshe.ru. I’m not exactly sure what that technical support person actually did or who they sent a CSR to, but server logs show by omission that it was not to Let’s Encrypt.

What are some of the other domains you were able to successfully issue a Let’s Encrypt certificate for?

I agree with @JuergenAuer that this sounds like an issue with ISPmanager.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.