Last 2 days I get java.net.SocketTimeoutException: connect timed out


#1

I wrote an application in Java with the org.shredzone.acme4j framework.
This application is for getting certificates for our clients.
For the last 2 days we get java.net.SocketTimeoutException: connect timed out
When I test the connection from the CLI, I sometimes get a timeout

# curl -4 https://acme-v01.api.letsencrypt.org/directory
{
  "hoR_A5p65js": "Adding random entries to the directory",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
# curl -4 https://acme-v01.api.letsencrypt.org/directory
curl: (7) Failed connect to acme-v01.api.letsencrypt.org:443; Connection timed out
#

All requests are from one IP address 193.106.248.41

What am I doing wrong?


#2

Hi,

Can you please share a more detailed output with us?

curl -4 -v https://acme-v01.api.letsencrypt.org/directory

Thank you


#3

# curl -4 -v https://acme-v01.api.letsencrypt.org/directory
* About to connect() to acme-v01.api.letsencrypt.org port 443 (#0)
*   Trying 23.59.119.218...
* Connection timed out
* Failed connect to acme-v01.api.letsencrypt.org:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to acme-v01.api.letsencrypt.org:443; Connection timed out
#

#4

@lestaff is this another Akamai issue?


#5

My trace to acme-v01.api.letsencrypt.org

# mtr -c 1 -r acme-v01.api.letsencrypt.org
Start: Thu Sep  6 14:46:22 2018
HOST: xxxxx                       Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.2.1.22                  0.0%     1    0.1   0.1   0.1   0.1   0.0
  2.|-- 80.77.167.217              0.0%     1    0.5   0.5   0.5   0.5   0.0
  3.|-- 62.140.243.22              0.0%     1   26.1  26.1  26.1  26.1   0.0
  4.|-- 149.6.140.141              0.0%     1   26.7  26.7  26.7  26.7   0.0
  5.|-- 154.25.9.45                0.0%     1   29.1  29.1  29.1  29.1   0.0
  6.|-- 154.54.56.189              0.0%     1   26.7  26.7  26.7  26.7   0.0
  7.|-- 130.117.0.2                0.0%     1   29.7  29.7  29.7  29.7   0.0
  8.|-- 130.117.15.86              0.0%     1   26.5  26.5  26.5  26.5   0.0
  9.|-- 195.219.87.17              0.0%     1   42.8  42.8  42.8  42.8   0.0
 10.|-- 195.219.87.94              0.0%     1   40.0  40.0  40.0  40.0   0.0
 11.|-- 195.219.188.6              0.0%     1   27.2  27.2  27.2  27.2   0.0
 12.|-- ???                       100.0     1    0.0   0.0   0.0   0.0   0.0

#6

Hi @mykola,

Thanks for the mtr. Can you also provide the output from these commands run on the affected server?

curl http://ipv4.whatismyip.akamai.com/ ; echo
curl http://ipv6.whatismyip.akamai.com/ ; echo
dig +short whoami.ipv4.akahelp.net TXT
dig +short whoami.ipv6.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT

#7

Yes, of course (sorry for my English)

# curl http://ipv4.whatismyip.akamai.com/ ; echo
193.106.248.41
# curl http://ipv6.whatismyip.akamai.com/ ; echo
curl: (7) Failed to connect to 2a03:5f80:a::b212:e752: Network is unreachable
# dig +short whoami.ipv4.akahelp.net TXT
"ns" "193.106.248.10"
# dig +short whoami.ipv6.akahelp.net TXT
# dig +short whoami.ds.akahelp.net TXT
"ns" "193.106.248.10"
# dig +short whoami.ds.akahelp.net TXT
"ns" "193.106.248.10"
# dig +short whoami.ds.akahelp.net TXT
"ns" "193.106.248.10"

I was able to get a certificate after half an hour when I printed out the first mtr.
The service was available all the time from my home PC. This is the mtr from my home:

$ mtr -c 1 -r -n acme-v01.api.letsencrypt.org
Start: Thu Sep  6 17:49:03 2018
HOST: xxxx                         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.1                0.0%     1    0.2   0.2   0.2   0.2   0.0
  2.|-- 109.108.70.1               0.0%     1    0.6   0.6   0.6   0.6   0.0
  3.|-- 92.244.96.21               0.0%     1    0.6   0.6   0.6   0.6   0.0
  4.|-- 92.244.96.77               0.0%     1    0.6   0.6   0.6   0.6   0.0
  5.|-- 87.245.247.9               0.0%     1    1.0   1.0   1.0   1.0   0.0
  6.|-- 87.245.232.245             0.0%     1   31.8  31.8  31.8  31.8   0.0
  7.|-- 195.219.50.37              0.0%     1   31.7  31.7  31.7  31.7   0.0
  8.|-- 195.219.87.17              0.0%     1   46.8  46.8  46.8  46.8   0.0
  9.|-- 195.219.87.94              0.0%     1   45.2  45.2  45.2  45.2   0.0
 10.|-- 195.219.188.6              0.0%     1   45.6  45.6  45.6  45.6   0.0
 11.|-- 23.59.119.218              0.0%     1   46.2  46.2  46.2  46.2   0.0

I get a response every time when I execute the command on the problem server.

# curl -4 -v https://acme-v01.api.letsencrypt.org/directory
* About to connect() to acme-v01.api.letsencrypt.org port 443 (#0)
*   Trying 23.59.119.218...
* Connected to acme-v01.api.letsencrypt.org (23.59.119.218) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=acme-v02.api.letsencrypt.org
*       start date: Aug 03 01:36:30 2018 GMT
*       expire date: Nov 01 01:36:30 2018 GMT
*       common name: acme-v02.api.letsencrypt.org
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET /directory HTTP/1.1
> User-Agent: curl/7.29.0
> Host: acme-v01.api.letsencrypt.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: application/json
< Content-Length: 658
< Replay-Nonce: wB0g917rbcXiPC1YevrITv1Zf05MST6D7ubkEXlYpEQ
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
< Expires: Thu, 06 Sep 2018 14:54:10 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Thu, 06 Sep 2018 14:54:10 GMT
< Connection: keep-alive
< 
{
  "Tb0zUomw_OE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v01.api.letsencrypt.org left intact
}
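
Added example, not part of any post in this thread: a small Python parser that compares the failing mtr report from the server (post #5) with the working one from the home PC (post #7) and shows where the failing path stops. Only the last four hops of each report are embedded; the function names are hypothetical.

```python
import re

# Last four hops of the two `mtr -r` reports posted in this thread.
SERVER_MTR = """\
  9.|-- 195.219.87.17              0.0%     1   42.8  42.8  42.8  42.8   0.0
 10.|-- 195.219.87.94              0.0%     1   40.0  40.0  40.0  40.0   0.0
 11.|-- 195.219.188.6              0.0%     1   27.2  27.2  27.2  27.2   0.0
 12.|-- ???                       100.0     1    0.0   0.0   0.0   0.0   0.0
"""
HOME_MTR = """\
  8.|-- 195.219.87.17              0.0%     1   46.8  46.8  46.8  46.8   0.0
  9.|-- 195.219.87.94              0.0%     1   45.2  45.2  45.2  45.2   0.0
 10.|-- 195.219.188.6              0.0%     1   45.6  45.6  45.6  45.6   0.0
 11.|-- 23.59.119.218              0.0%     1   46.2  46.2  46.2  46.2   0.0
"""

# hop number, host column, Loss% column (the "%" is absent on ??? rows)
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s", re.M)

def parse_mtr(report):
    """Return [(hop_number, host, loss_percent)] from `mtr -r` text."""
    return [(int(n), host, float(loss)) for n, host, loss in HOP_RE.findall(report)]

def last_responding(hops):
    """Last hop that answered: host is known and loss is below 100%."""
    answered = [h for h in hops if h[1] != "???" and h[2] < 100.0]
    return answered[-1] if answered else None

def compare(failing, working, target):
    """Locate where the failing path stops relative to a working path."""
    bad, good = parse_mtr(failing), parse_mtr(working)
    stop = last_responding(bad)
    good_hosts = [h[1] for h in good]
    result = {
        "last_responding": stop[1] if stop else None,
        "reached_target": any(h[1] == target and h[2] < 100.0 for h in bad),
        "next_hop_on_working_path": None,
    }
    # If the last answering hop also appears on the working path,
    # report which hop follows it there.
    if stop and stop[1] in good_hosts:
        i = good_hosts.index(stop[1])
        if i + 1 < len(good_hosts):
            result["next_hop_on_working_path"] = good_hosts[i + 1]
    return result

if __name__ == "__main__":
    print(compare(SERVER_MTR, HOME_MTR, "23.59.119.218"))
```

A final hop with 100% loss in mtr only shows that the probe got no reply; here the `curl -4 -v` output in post #3 timing out on the TCP connect to 23.59.119.218 points the same way.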

#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.