mykola
September 6, 2018, 11:14am
1
I wrote an application in Java with the framework org.shredzone.acme4j.
This application is for getting certificates for our clients.
For the last 2 days we have been getting java.net.SocketTimeoutException: connect timed out
When I test the connection from the CLI, I sometimes get a timeout
# curl -4 https://acme-v01.api.letsencrypt.org/directory
{
"hoR_A5p65js": "Adding random entries to the directory ",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change ",
"meta": {
"caaIdentities": [
"letsencrypt.org "
],
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf ",
"website": "https://letsencrypt.org "
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz ",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert ",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg ",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert "
}
# curl -4 https://acme-v01.api.letsencrypt.org/directory
curl: (7) Failed connect to acme-v01.api.letsencrypt.org:443 ; Connection timed out
#
All requests are from one IP address, 193.106.248.41
What am I doing wrong?
Hi,
Can you please share a more detailed output with us?
curl -4 -v https://acme-v01.api.letsencrypt.org/directory
Thank you
mykola
September 6, 2018, 11:20am
3
# curl -4 -v https://acme-v01.api.letsencrypt.org/directory
* About to connect() to acme-v01.api.letsencrypt.org port 443 (#0)
* Trying 23.59.119.218...
* Connection timed out
* Failed connect to acme-v01.api.letsencrypt.org:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to acme-v01.api.letsencrypt.org:443; Connection timed out
#
@lestaff is this another Akamai issue?
mykola
September 6, 2018, 11:49am
5
My trace to acme-v01.api.letsencrypt.org
# mtr -c 1 -r acme-v01.api.letsencrypt.org
Start: Thu Sep 6 14:46:22 2018
HOST: xxxxx Loss% Snt Last Avg Best Wrst StDev
1.|-- 10.2.1.22 0.0% 1 0.1 0.1 0.1 0.1 0.0
2.|-- 80.77.167.217 0.0% 1 0.5 0.5 0.5 0.5 0.0
3.|-- 62.140.243.22 0.0% 1 26.1 26.1 26.1 26.1 0.0
4.|-- 149.6.140.141 0.0% 1 26.7 26.7 26.7 26.7 0.0
5.|-- 154.25.9.45 0.0% 1 29.1 29.1 29.1 29.1 0.0
6.|-- 154.54.56.189 0.0% 1 26.7 26.7 26.7 26.7 0.0
7.|-- 130.117.0.2 0.0% 1 29.7 29.7 29.7 29.7 0.0
8.|-- 130.117.15.86 0.0% 1 26.5 26.5 26.5 26.5 0.0
9.|-- 195.219.87.17 0.0% 1 42.8 42.8 42.8 42.8 0.0
10.|-- 195.219.87.94 0.0% 1 40.0 40.0 40.0 40.0 0.0
11.|-- 195.219.188.6 0.0% 1 27.2 27.2 27.2 27.2 0.0
12.|-- ??? 100.0 1 0.0 0.0 0.0 0.0 0.0
cpu
September 6, 2018, 1:03pm
6
Hi @mykola ,
Thanks for the mtr. Can you also provide the output from these commands run on the affected server?
curl http://ipv4.whatismyip.akamai.com/ ; echo
curl http://ipv6.whatismyip.akamai.com/ ; echo
dig +short whoami.ipv4.akahelp.net TXT
dig +short whoami.ipv6.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
dig +short whoami.ds.akahelp.net TXT
mykola
September 6, 2018, 2:58pm
7
Yes, of course (sorry for my English)
# curl http://ipv4.whatismyip.akamai.com/ ; echo
193.106.248.41
# curl http://ipv6.whatismyip.akamai.com/ ; echo
curl: (7) Failed to connect to 2a03:5f80:a::b212:e752: Network is unreachable
# dig +short whoami.ipv4.akahelp.net TXT
"ns" "193.106.248.10"
# dig +short whoami.ipv6.akahelp.net TXT
# dig +short whoami.ds.akahelp.net TXT
"ns" "193.106.248.10"
# dig +short whoami.ds.akahelp.net TXT
"ns" "193.106.248.10"
# dig +short whoami.ds.akahelp.net TXT
"ns" "193.106.248.10"
I was able to get a certificate after half an hour when I printed out the first mtr.
The service was available all the time from my home PC. This is the mtr from my home:
$ mtr -c 1 -r -n acme-v01.api.letsencrypt.org
Start: Thu Sep 6 17:49:03 2018
HOST: xxxx Loss% Snt Last Avg Best Wrst StDev
1.|-- 192.168.1.1 0.0% 1 0.2 0.2 0.2 0.2 0.0
2.|-- 109.108.70.1 0.0% 1 0.6 0.6 0.6 0.6 0.0
3.|-- 92.244.96.21 0.0% 1 0.6 0.6 0.6 0.6 0.0
4.|-- 92.244.96.77 0.0% 1 0.6 0.6 0.6 0.6 0.0
5.|-- 87.245.247.9 0.0% 1 1.0 1.0 1.0 1.0 0.0
6.|-- 87.245.232.245 0.0% 1 31.8 31.8 31.8 31.8 0.0
7.|-- 195.219.50.37 0.0% 1 31.7 31.7 31.7 31.7 0.0
8.|-- 195.219.87.17 0.0% 1 46.8 46.8 46.8 46.8 0.0
9.|-- 195.219.87.94 0.0% 1 45.2 45.2 45.2 45.2 0.0
10.|-- 195.219.188.6 0.0% 1 45.6 45.6 45.6 45.6 0.0
11.|-- 23.59.119.218 0.0% 1 46.2 46.2 46.2 46.2 0.0
I get a response every time when I execute the command on the problem server.
# curl -4 -v https://acme-v01.api.letsencrypt.org/directory
* About to connect() to acme-v01.api.letsencrypt.org port 443 (#0)
* Trying 23.59.119.218...
* Connected to acme-v01.api.letsencrypt.org (23.59.119.218) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=acme-v02.api.letsencrypt.org
* start date: Aug 03 01:36:30 2018 GMT
* expire date: Nov 01 01:36:30 2018 GMT
* common name: acme-v02.api.letsencrypt.org
* issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET /directory HTTP/1.1
> User-Agent: curl/7.29.0
> Host: acme-v01.api.letsencrypt.org
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: application/json
< Content-Length: 658
< Replay-Nonce: wB0g917rbcXiPC1YevrITv1Zf05MST6D7ubkEXlYpEQ
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
< Expires: Thu, 06 Sep 2018 14:54:10 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Thu, 06 Sep 2018 14:54:10 GMT
< Connection: keep-alive
<
{
"Tb0zUomw_OE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v01.api.letsencrypt.org left intact
}
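An added example, not part of the original thread: a small Python parser for `mtr -r` report lines that compares the failing trace from the server with the working trace from the home PC and reports where the failing path stops. The hop lines are copied from the posts above; the function names are illustrative.

```python
import re

# Tail of the two `mtr -r` reports posted in this thread (earlier hops omitted).
SERVER_TRACE = """\
 8.|-- 130.117.15.86 0.0% 1 26.5 26.5 26.5 26.5 0.0
 9.|-- 195.219.87.17 0.0% 1 42.8 42.8 42.8 42.8 0.0
10.|-- 195.219.87.94 0.0% 1 40.0 40.0 40.0 40.0 0.0
11.|-- 195.219.188.6 0.0% 1 27.2 27.2 27.2 27.2 0.0
12.|-- ??? 100.0 1 0.0 0.0 0.0 0.0 0.0
"""
HOME_TRACE = """\
 7.|-- 195.219.50.37 0.0% 1 31.7 31.7 31.7 31.7 0.0
 8.|-- 195.219.87.17 0.0% 1 46.8 46.8 46.8 46.8 0.0
 9.|-- 195.219.87.94 0.0% 1 45.2 45.2 45.2 45.2 0.0
10.|-- 195.219.188.6 0.0% 1 45.6 45.6 45.6 45.6 0.0
11.|-- 23.59.119.218 0.0% 1 46.2 46.2 46.2 46.2 0.0
"""

# One hop line: "<n>.|-- <host or ???> <loss>[%] <sent> ..."
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+(\d+)", re.M)

def parse_hops(report):
    """Return [(hop_no, host, loss_pct)] for every hop line in the report."""
    return [(int(n), host, float(loss))
            for n, host, loss, _sent in HOP_RE.findall(report)]

def last_responding(hops):
    """Last hop that answered at least one probe, or None."""
    answered = [h for h in hops if h[1] != "???" and h[2] < 100.0]
    return answered[-1] if answered else None

def compare(failing, working):
    """Locate where the failing path stops relative to a working path."""
    bad, good = parse_hops(failing), parse_hops(working)
    last_bad = last_responding(bad)
    good_hosts = [h[1] for h in good]
    result = {"last_responding": last_bad[1] if last_bad else None,
              "silent_hops": [h[0] for h in bad if h[2] >= 100.0],
              "next_on_working_path": None}
    if last_bad and last_bad[1] in good_hosts:
        i = good_hosts.index(last_bad[1])
        if i + 1 < len(good_hosts):
            result["next_on_working_path"] = good_hosts[i + 1]
    return result

if __name__ == "__main__":
    print(compare(SERVER_TRACE, HOME_TRACE))
```

On the posted traces this reports 195.219.188.6 as the last responding hop from the server, hop 12 as silent, and 23.59.119.218 as the next hop on the working path, which is the address the failing curl was trying. A single-probe report (`-c 1`) is a weak sample, so repeat the trace before drawing conclusions.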