Is my domain or ip blacklisted?

My domain is: testvjas.vnua.edu.vn

I ran this command: "/root/.acme.sh/acme.sh --issue -d testvjas.vnua.edu.vn -d www.testvjas.vnua.edu.vn --cert-file /etc/letsencrypt/live/testvjas.vnua.edu.vn/cert.pem --key-file /etc/letsencrypt/live/testvjas.vnua.edu.vn/privkey.pem --fullchain-file /etc/letsencrypt/live/testvjas.vnua.edu.vn/fullchain.pem -w /home/testvjas.vnua.edu.vn/public_html --force --debug"

It produced this output:"[Mon Jun 10 03:18:00 AM UTC 2024] Please refer to libcurl - Error Codes for error code: 7
[Mon Jun 10 03:18:00 AM UTC 2024] Here is the curl dump log:
[Mon Jun 10 03:18:00 AM UTC 2024] == Info: Trying 172.65.32.248:443...
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable
== Info: connect to 172.65.32.248 port 443 failed: Connection refused
== Info: Failed to connect to acme-v02.api.letsencrypt.org port 443 after 101221 ms: Connection refused
== Info: Closing connection 0"

My web server is (include version): Ubuntu 22.04 LTS

The operating system my web server runs on is (include version): cyberpanel 2.3.5

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cyberpanel 2.3.5

I tried the command 'traceroute acme-v02.api.letsencrypt.org'
then the last connection i got was to '172.70.212.4 (172.70.212.4) 225.183 ms 200.057 ms *' then the connection broke

This will never help you. Remove it.

This looks like you don't have IPv6 access set up. While you might be able to live without it, it's pretty standard to have now.

If it's early in the traceroute, then this sounds like your IPv4 network may be misconfigured, and is trying to send traffic for 172.65.* to some internal network. While 172.16.* through 172.31.* are designated as private address space, other addresses starting with 172. are "normal" public IPs that should be routed through the Internet. You need to fix your router and/or firewall configuration.

If you're getting out to your ISP and then it breaks, it may be a bit more complicated and may be someone else's network which is broken. Can you post the full traceroute?

7 Likes

Here https://letsdebug.net/testvjas.vnua.edu.vn/2020125?debug=y is showing

ANotWorking
ERROR
testvjas.vnua.edu.vn has an A (IPv4) record (220.231.107.154) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with testvjas.vnua.edu.vn/220.231.107.154: Get "http://testvjas.vnua.edu.vn/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://testvjas.vnua.edu.vn/.well-known/acme-challenge/letsdebug-test (using initial IP 220.231.107.154)
@0ms: Dialing 220.231.107.154
@10000ms: Experienced error: context deadline exceeded

I believe this is part of the issue: @10000ms: Experienced error: context deadline exceeded

And similar results with this desktop tool https://httpschecker.net/
Platforms Available Here (Windows, Mac & Ubuntu Linux)
Attached here is the crawl_error_log.txt file that has several lines of things like this

[2024-06-11T02:43:33.632Z] Fetch Timeout: https://testvjas.vnua.edu.vn/index.php/vjas/issue/view/28 took longer to respond than the timeout value (15000) (Referrer: https://testvjas.vnua.edu.vn/index.php/vjas)

that contains "took longer to respond than the timeout value (15000)"
crawl_error_log.txt (19.7 KB)

3 Likes

Thank you, I tested this page before and got good results, maybe the results you tested while I was editing the IP

2 Likes

Thank you
Maybe it's due to my firewall, when I connect directly to the network router, the above situation does not occur.

2 Likes

Then it does sound like that firewall is blocking the connection to Let's Encrypt's servers, due to either misconfiguration or intention.

3 Likes