Issue with Let's Encrypt


#1

Please fill out the fields below so we can help you better.

My domain is: server1.hastehosting

I ran this command: ping acme-v01.api.letsencrypt.org every command possible

It produced this output: nothing

My operating system is (include version): Centos 7.0 (cloud linux)

My web server is (include version): CPanel (Latest)

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel

When I try to ping, I get no response; when I try to curl, I get no response. When I attempt to create an SSL, I get this…

Error issuing certificate
Failed to issue certificate
Error connecting to service: Get https://acme-v01.api.letsencrypt.org/directory: dial tcp 23.222.118.106:443: i/o timeout

Can someone please check and see if we are IPBanned? I am a hosting provider and would value some feedback, greatly appreciate it!


#2

I do not believe there is IP-based filtering.

The fact you can’t ping or open up a telnet suggests there is something firewalling outbound connections.

The servers seem fine and your resolved IP is fine.

Andrei


#3

Thank you for the feedback. Yes, I am a hosting provider, so you are correct, it shouldn't be an issue. Since I provided the hostname, it wouldn't be difficult to ping the hostname to get the IP :wink: But I guess it would help if I provided the .com. I can confirm 100% that our firewall is not blocking the IP, and it seems to randomly happen. Our server IP is 172.93.236.90. Any help would be appreciated.

Thanks,
Jake


#4

Hello,
Is there any way to get staff involved to check if for some reason we are being IP banned? I checked with our datacenter as well and it appears we are being blocked by the server.


#5

@ae9803

Do you have another server to test the ping from, one not in your own IP range? For example, at another provider.

What’s the output of a traceroute? traceroute -I acme-v01.api.letsencrypt.org

Greetz Sm3rT


#6

Thank you for the reply,

Here is from a different server.

[root@svr ~]# traceroute -I acme-v01.api.letsencrypt.org

traceroute to acme-v01.api.letsencrypt.org (23.4.24.253), 30 hops max, 60 byte packets
1 66.11.119.202 (66.11.119.202) 0.052 ms 0.017 ms 0.013 ms
2 * * *
3 144.168.41.1 (144.168.41.1) 0.626 ms 0.702 ms 0.697 ms
4 144.168.32.1 (144.168.32.1) 0.440 ms 0.440 ms 0.469 ms
5 equinix-da.5-3.r2.da.hwng.net (206.223.118.73) 0.552 ms 0.553 ms 0.547 ms
6 ix-ae-10-301.tcore1.DT8-Dallas.as6453.net (66.110.56.97) 0.529 ms 0.559 ms 0.588 ms
7 if-ae-2-2.tcore2.DT8-Dallas.as6453.net (66.110.56.6) 31.567 ms 31.657 ms 31.725 ms
8 if-ae-34-2.tcore1.LVW-Los-Angeles.as6453.net (66.110.57.21) 31.509 ms 31.504 ms 31.596 ms
9 * * *
10 if-ae-6-20.tcore1.EQL-Los-Angeles.as6453.net (64.86.252.66) 31.002 ms 31.005 ms 30.909 ms
11 206.82.129.50 (206.82.129.50) 33.487 ms 35.127 ms 35.112 ms
12 a23-4-24-253.deploy.static.akamaitechnologies.com (23.4.24.253) 35.084 ms 35.042 ms 35.108 ms
[root@svr ~]#


#7

@cpu @jsha, here is a new connectivity problem to the API endpoint.


#8

I’ve flagged our ops team to diagnose. Thanks


#9

Thank you for your help!


#10

I am able to traceroute again from the original server, please see below:

[root@server1 ~]# traceroute -I acme-v01.api.letsencrypt.org

traceroute to acme-v01.api.letsencrypt.org (172.226.80.115), 30 hops max, 60 byte packets
1 45.43.4.1 (45.43.4.1) 1.289 ms 1.332 ms *
2 * * *
3 144.168.41.1 (144.168.41.1) 0.671 ms 0.713 ms 0.727 ms
4 144.168.32.1 (144.168.32.1) 0.422 ms 0.454 ms 0.465 ms
5 equinix-da.5-3.r2.da.hwng.net (206.223.118.73) 0.529 ms 0.557 ms 0.566 ms
6 ix-ae-10-301.tcore1.DT8-Dallas.as6453.net (66.110.56.97) 0.534 ms 0.460 ms 0.533 ms
7 * * *
8 * * *
9 * * *
10 * * a172-226-80-115.deploy.static.akamaitechnologies.com (172.226.80.115) 22.207 ms


#11

With the traceroute information you’ve provided, Akamai has been able to run several MTR queries from those specific Edge servers to your host IP and hostname.

When querying to the hostname:

HOST: a23-79-255-163.deploy.akama Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- a23-3-98-1.deploy.static.  0.0%    10    1.6   2.7   1.5   6.9   1.9
  2.|-- chi-b21-link.telia.net     0.0%    10    1.8   1.6   1.4   1.9   0.0
  3.|-- kanc-b1-link.telia.net     0.0%    10   13.5  13.5  13.5  13.8   0.0
  4.|-- dls-b21-link.telia.net     0.0%    10   23.7  24.2  23.7  26.9   0.8
  5.|-- modmission-ic-317651-dls-  0.0%    10   23.8  23.8  23.7  24.1   0.0
  6.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  7.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  8.|-- 144.168.34.94              0.0%    10   22.7  22.9  22.6  23.7   0.0
  9.|-- server1.hastehosting.com   0.0%    10   22.2  22.5  22.2  23.7   0.3

And when querying the IP address you provided of 172.93.236.90:

HOST: a23-79-255-163.deploy.akama Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 23.3.98.1                  0.0%    10    1.6   1.8   1.4   2.9   0.3
  2.|-- 208.184.110.253            0.0%    10    2.0   1.8   1.1   3.7   0.7
  3.|-- 64.125.31.84               0.0%    10   23.4  23.5  23.3  24.2   0.0
  4.|-- 64.125.30.242              0.0%    10   23.0  26.0  22.7  49.9   8.4
  5.|-- 64.125.29.208              0.0%    10   23.1  23.7  23.1  25.9   0.7
  6.|-- 64.125.29.203              0.0%    10   22.7  24.0  22.7  34.6   3.7
  7.|-- 64.125.29.229              0.0%    10   36.7  29.1  23.1  57.8  11.0
  8.|-- 64.125.30.249              0.0%    10   26.5  26.5  26.4  26.7   0.0
  9.|-- 64.125.31.42               0.0%    10   23.7  23.3  22.7  25.0   0.7
 10.|-- 213.140.55.221             0.0%    10   25.4  23.8  23.3  25.4   0.6
 11.|-- 176.52.251.66              0.0%    10   44.6  47.0  44.6  49.1   1.3
 12.|-- 5.53.3.142                 0.0%    10  161.0 160.1 159.8 161.0   0.3
 13.|-- 213.140.39.186             0.0%    10  171.3 175.1 171.2 206.6  11.1
 14.|-- 187.100.48.122             0.0%    10  172.3 171.7 171.2 173.4   0.5
 15.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0

It looks like a router is misconfigured when trying to access by IP. We’re still looking into this since it differs by resolving the hostname or the IP.
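
A way to read the two MTR reports above programmatically, as an added example that is not part of the original thread: it separates hops that show 100% loss but still forward traffic from a path where replies stop before the target. The function names are this example's own, and the sample rows are abridged from the two reports in the post.

```python
import re

# One `mtr --report` row, e.g. "  6.|-- ???   100.0    10    0.0 ..."
ROW = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+\d+\s")

def parse_mtr(report):
    """Return [(hop_number, host, loss_percent)] for every hop row."""
    hops = []
    for line in report.splitlines():
        m = ROW.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), float(m.group(3))))
    return hops

def classify(hops):
    """Tell silent-but-forwarding routers apart from a path that stops."""
    answering = [i for i, h in enumerate(hops) if h[2] < 100.0]
    last_ok = answering[-1] if answering else -1
    # 100% loss followed by a responding hop: that router forwards traffic
    # and only declines to answer probes (ICMP filtered or rate limited).
    silent = [hops[i][0] for i in range(max(last_ok, 0)) if hops[i][2] >= 100.0]
    reached = bool(hops) and last_ok == len(hops) - 1
    # 100% loss through to the final row: probes get no reply past this hop.
    # Either the path ends there or the target ignores probes, so confirm
    # with a TCP connection test on the real port before blaming a router.
    stops_after = None if reached or last_ok < 0 else hops[last_ok][0]
    return {"reached": reached, "silent_hops": silent,
            "stops_after_hop": stops_after}

# Rows abridged from the two reports in the post above.
BY_HOSTNAME = """
  5.|-- modmission-ic-317651-dls-  0.0%    10   23.8  23.8  23.7  24.1   0.0
  6.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  7.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  8.|-- 144.168.34.94              0.0%    10   22.7  22.9  22.6  23.7   0.0
  9.|-- server1.hastehosting.com   0.0%    10   22.2  22.5  22.2  23.7   0.3
"""
BY_IP = """
 13.|-- 213.140.39.186             0.0%    10  171.3 175.1 171.2 206.6  11.1
 14.|-- 187.100.48.122             0.0%    10  172.3 171.7 171.2 173.4   0.5
 15.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
"""

if __name__ == "__main__":
    for name, text in (("hostname", BY_HOSTNAME), ("ip", BY_IP)):
        print(name, classify(parse_mtr(text)))
```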

