Is my IP blocked?

Hello! My traefik client is unable to receive a certificate.

My domain is:
randp.ch

I ran this command:
I am using traefik 2.9.6 with automatic certificate request

It produced this output:
time="2023-03-07T06:21:07Z" level=info msg="Testing certificate renew..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
time="2023-03-07T06:21:07Z" level=info msg="Starting provider *traefik.Provider"
time="2023-03-07T06:21:07Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2023-03-07T06:21:13Z" level=error msg="Unable to obtain ACME certificate for domains "dash.randp.ch": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:46866->127.0.0.11:53: read: connection refused" routerName=traefik@docker rule="Host(dash.randp.ch)" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
time="2023-03-07T06:21:13Z" level=error msg="Unable to obtain ACME certificate for domains "portainer.randp.ch": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:33878->127.0.0.11:53: read: connection refused" routerName=myresolver@docker providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" rule="Host(portainer.randp.ch)"

My web server is (include version):
VPS server

The operating system my web server runs on is (include version):
Ubuntu 22.04

My hosting provider, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

The version of my client is:
certbot 1.21.0

The output of "echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head":

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = acme-v02.api.letsencrypt.org
verify return:1
DONE
CONNECTED(00000003)

Certificate chain
0 s:CN = acme-v02.api.letsencrypt.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 6 22:31:53 2023 GMT; NotAfter: Apr 6 22:31:52 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256

traceroute:
traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 k22-b14-lt1.kvm.serveriai.lt (31.14.179.94) 0.068 ms 0.032 ms 0.028 ms
2 ae030-wan2.rackray.com (185.38.165.14) 0.223 ms 0.215 ms 0.189 ms
3 88-118-138-226.static.zebra.lt (88.118.138.226) 2.037 ms 2.317 ms 1.984 ms
4 81-7-119-27.static.zebra.lt (81.7.119.27) 1.115 ms 1.516 ms 1.465 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

DNS data:
; A Record
@ 600 IN A 109.235.70.230
dash 600 IN A 109.235.70.230
portainer 600 IN A 109.235.70.230

; CNAME Record

  • 3600 IN CNAME @
    www 3600 IN CNAME @

Your IP is not blocked, your container doesn't seem to have a working DNS resolver:

This likely means that something has gone wrong with the way you've set up your Docker networking.

5 Likes

Eventuallly I tried over 15 advices - none of them helped. Finally I reinstalled the server with another Ubuntu version (20.04), installed docker and other tools, and magically - it worked perfectly!
Issue is resolved, thanks!

1 Like