Is my IP banned? Can this be undone?

Help
1

Hi,

Iḿ using Nginx proxy manager but since a few weeks i get internal errors when requesting or renewing an certificate.

Nothing has changed in my network/dns or whatever.

So i did a clean install from npm but still doesnt work.

When i check the logs i see the following error. Can this be checked if my WAN IP (94.209.14.242) is blocked and what do i need to do to get it unblocked and working again?

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-3" --agree-tos --authenticator webroot --email "buck@itbuck.nl" --preferred-challenges "dns,http" --domains "portainer.itbuck.nl"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NameResolutionError(": Failed to resolve 'acme-v02.api.letsencrypt.org' ([Errno -3] Temporary failure in name resolution)"))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Socket. (node:internal/child_process:458:11)
at Socket.emit (node:events:513:28)
at Pipe. (node:net:301:12)

With kind regards,

Buck Baggen

2

No, your DNS is malfunctioning as the error suggests.

6 Likes
3

Oh sorry then i did read it wrong.

I checked my DNS, i can ping google as example, but when i want to ping http://acme-v02.api.letsencrypt.org/ i get the error: name or service not known

To check if it is not my network, i tried from my work office (different network, different ISP, different WANIP etc.) But the same.

So i guess it is not a problem in my DNS?

4

Seems to be alright, just ran this:

$ dig @8.8.8.8 acme-v02.api.letsencrypt.org
[…]
;; ANSWER SECTION:
acme-v02.api.letsencrypt.org. 7200 IN   CNAME   prod.api.letsencrypt.org.
prod.api.letsencrypt.org. 300   IN      CNAME   ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com. 300 IN A 172.65.32.248
[…]

A couple of issues:

  1. Indeed the name “http://acme-v02.api.letsencrypt.org/” cannot exist in DNS, try pinging “acme-v02.api.letsencrypt.org
  2. This endpoint doesn't work with plain http, one must access it through https.
2 Likes
5

Oke, that was a bit stupid. I can indeed ping acme-v02.api.letsencrypt.org

So i searched in the DNS, cant find anything that is changed. I run NPM in a docker container and the compose file hasnt changed, neither something on the docker host or network.

But i added just to test one rule into the compose file from the npm container and now it works!

dns:
  - 1.1.1.1

On the same level as environment

Strange, because without that rule it worked before, i had like 10 proxy hosts with ssl cert in npm.

Maybe something changed with an automatic update or so, i have no explanation but happy it works now :slight_smile:

Thanks for the support!

3 Likes
6

If I had a dollar for every time the docker daemon DNS service randomly crashed on me I would not need a job :laughing:.

7 Likes
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.