IP blocked? reset by peer

My domain is: ggp-gruppe.de

I ran this command:
curl https://acme-v02.api.letsencrypt.org/directory

It produced this output:
curl: (35) Recv failure: Connection reset by peer

My web server is (include version):
nginx proxy manager v2.12.2

The operating system my web server runs on is (include version):
Debian GNU/Linux 12 (bookworm)

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.1.0

Hi guys,

Seems like the IP I'm working with is getting blocked. When I try to renew a certificate, the connection gets reset by the peer. When I do curl -I https://google.de it works fine (HTTP/2 200).
Certificate renewal just stopped working for me.

Can you please take a look and check if 23.88.20.75 is blocked?

Also check you don't have any security/malware tools that filter outgoing https traffic according to some kind of periodically updated list.

2 Likes

Thanks for the reply, we have no such tools in use but to make sure I made a simple test:
dig acme-v02.api.letsencrypt.org > 172.65.32.248
nc -zv 172.65.32.248 443 > (UNKNOWN) [172.65.32.248] 443 (https) open

Let's Encrypt does not do IP blocks like that anymore.

What do these show?

echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head -20

sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org

curl https://api.buypass.com/acme/directory

You may need to install the traceroute package in Debian.

3 Likes
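An added example (not posted by anyone in this thread) that splits the checks discussed above into DNS, TCP and TLS stages and reports the first one that fails. `nc -zv` showing the port open only covers the TCP stage, while curl error 35 is raised during the TLS handshake. The function name `probe` and its `(stage, detail)` return value are assumptions of this sketch.

```python
import socket
import ssl


def probe(host, port=443, server_name=None, timeout=5.0):
    """Return (stage, detail); stage is the first failing one of
    'dns', 'tcp', 'tls', or 'ok' when the handshake completes."""
    # Stage 1: name resolution (the `dig` check in the thread).
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    family, socktype, proto, _, addr = infos[0]

    # Stage 2: TCP three-way handshake only (all that `nc -zv` proves).
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return ("tcp", f"{type(exc).__name__}: {exc}")

    # Stage 3: TLS handshake with SNI. A reset here is what curl reports
    # as error 35, and it can happen even though stage 2 succeeded.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=server_name or host) as tls:
            return ("ok", f"{tls.version()} {tls.cipher()[0]}")
    except OSError as exc:  # ssl.SSLError and ConnectionResetError are OSErrors
        return ("tls", f"{type(exc).__name__}: {exc}")
    finally:
        sock.close()


if __name__ == "__main__":
    # Hostname taken from the thread; needs outbound network access.
    print(probe("acme-v02.api.letsencrypt.org"))
```

A result of `tls` with the port reachable points at something on the path acting on the TLS exchange rather than at a plain IP-level block.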

Ok, good to know.

The good news is I got it working again. The bad news is I don't know what it was; I guess some network shenanigans. I gave up and built a new network (identical to the old one, except for the IP range) and set up a completely new machine.

Thank you guys for trying to help me 🙂

3 Likes