IP Blocked From API

LetsEncryptFan · March 12, 2020, 3:08am

Hi,

My validation script got temporarily bugged out and it runs every minute to issue and renew certificates for my websites.

My HTTP authentication got broken temporarily, and I believe this led to an IP block for some reason even though historically when I have had a bug it has not.

Anyway, I would like to request an IP unblock for 45.43.30.26

mnordhoff · March 12, 2020, 3:08am

Are you getting a specific error message? If so, what is it?

LetsEncryptFan · March 12, 2020, 3:20am

I can’t even curl acme-v02.api.letsencrypt.org

No response just hangs

LetsEncryptFan · March 12, 2020, 3:23am

curl acme-v02.api.letsencrypt.org
curl: (7) Failed to connect to acme-v02.api.letsencrypt.org port 80: Connection timed out

leader · March 12, 2020, 8:14am

I believe if Let’s Encrypt was blocking something, you would receive a reply containing some hints as to why. This looks more like networking issues, which could be specific to your hoster or its uplink for example. Also notice that the API is supposed to be queried over HTTPS, not HTTP (port 80 in your curl example), though with your query you would still be expected to get a 301 “Moved Permanently” reply.

jillian · March 12, 2020, 8:08pm

Correct, if your IP was blocked you would get an HTTP status code and response that tells you your IP is blocked for too much traffic. That text also contains an email address to ask for an unblock.

JuergenAuer · March 12, 2020, 8:56pm

Hi @LetsEncryptFan

what says

traceroute  acme-v02.api.letsencrypt.org

or

traceroute  -4 acme-v02.api.letsencrypt.org
traceroute  -6 acme-v02.api.letsencrypt.org

LetsEncryptFan · March 13, 2020, 4:07am

1 10.8.0.1 (10.8.0.1) 26.073 ms 26.072 ms 26.071 ms
2 10.0.0.49 (10.0.0.49) 26.070 ms 26.069 ms 26.067 ms
3 six.as13335.com (206.81.81.10) 26.066 ms 40.229 ms 40.222 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

_az · March 13, 2020, 4:35am

Uh. What about this (they use the same CDN as Let’s Encrypt’s API):

tracert digitalocean.com

If it gives the same result, you need to go to SpartanHost, because they’ve broken something on their side.

LetsEncryptFan · March 13, 2020, 5:20am

Digital ocean loads fine

JuergenAuer · March 13, 2020, 7:59am

Oh, that looks bad. Normally, that should work.

D:\temp>tracert -4 acme-v02.api.letsencrypt.org

1 <1 ms <1 ms <1 ms fritz.box [192.168.0.1]
2 5 ms 5 ms 4 ms 62.155.240.117
3 6 ms 6 ms 6 ms 217.239.55.26
4 6 ms 6 ms 6 ms 217.239.55.26
5 6 ms 5 ms 7 ms lag-10.edge4.Berlin1.Level3.net [4.68.73.5]
6 6 ms 6 ms 7 ms ae-2-3602.edge3.Berlin1.Level3.net [4.69.159.5]
7 7 ms 7 ms 6 ms unknown.Level3.net [212.162.40.34]
8 7 ms 7 ms 7 ms 172.65.32.248

Ask your hoster why this is blocked.

Perhaps reduce your MTU to 1300 or 1100.

system · April 12, 2020, 7:59am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.