Let's encrypt blocked my IP, Please allowed it

shin-chan · May 8, 2023, 6:42am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nextcloud.independencenetwork.id

I ran this command: certbot renew --dry-run

It produced this output:
root@IDP: # certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing

/usr/local/etc/letsencrypt/renewal/nextcloud.independencenetwork.id.conf

Failed to renew certificate nextcloud.independencenetwork.id with error: Requesting acme-staging-v02.api.letsencrypt.org/directory: No route to host

My web server is (include version): NGINX 1.22.1

The operating system my web server runs on is (include version):
root@IDP:/usr/ports/security/py-certbot-apache # cat /etc/os-release
NAME=FreeBSD
VERSION="13.1-RELEASE-p5"
VERSION_ID="13.1"
ID=freebsd

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.2.0

_az · May 8, 2023, 6:51am

"No route to host" is typically a regular networking issue. When Let's Encrypt blocks an IP, a different message is usually seen.

Can you post a traceroute to acme-v02.api.letsencrypt.org?

rg305 · May 8, 2023, 7:02am

So, it worked previously.
hmm...
What has changed since the last cert issuance?

shin-chan · May 8, 2023, 7:04am

--- ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 34.494/35.532/36.692/0.901 ms
root@IDP:/usr/ports/security/py-certbot-nginx # traceroute acme-v02.api.letsencrypt.org
traceroute to ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248), 64 hops max, 40 byte packets
1 192.168.9.1 (192.168.9.1) 0.404 ms 0.404 ms 0.400 ms
2 202.146.225.1 (202.146.225.1) 7.554 ms 3.838 ms 2.910 ms
3 202.146.254.49 (202.146.254.49) 8.113 ms 1.264 ms 1.626 ms
4 * * *
5 202.146.254.1 (202.146.254.1) 24.795 ms 20.162 ms 27.880 ms
6 43.240.229.65 (43.240.229.65) 19.128 ms 31.990 ms 23.542 ms
7 43.240.229.170 (43.240.229.170) 19.796 ms 26.390 ms 29.259 ms
8 119.11.184.14 (119.11.184.14) 27.240 ms 37.647 ms 20.804 ms
9 * * *
10 * * *
11 * * *

but, i can ping
root@IDP:/usr/ports/security/py-certbot-nginx # ping acme-v02.api.letsencrypt.org

PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248): 56 databytes

64 bytes from 172.65.32.248: icmp_seq=0 ttl=55 time=2.233 ms

64 bytes from 172.65.32.248: icmp_seq=1 ttl=55 time=6.563 ms

64 bytes from 172.65.32.248: icmp_seq=2 ttl=55 time=4.122 ms

64 bytes from 172.65.32.248: icmp_seq=3 ttl=55 time=2.240 ms

64 bytes from 172.65.32.248: icmp_seq=4 ttl=55 time=2.301 ms

64 bytes from 172.65.32.248: icmp_seq=5 ttl=55 time=6.444 ms

64 bytes from 172.65.32.248: icmp_seq=6 ttl=55 time=12.078 ms

64 bytes from 172.65.32.248: icmp_seq=7 ttl=55 time=1.512 ms

64 bytes from 172.65.32.248: icmp_seq=8 ttl=55 time=17.309 ms

shin-chan · May 8, 2023, 7:05am

nothin, sir..

i just fresh install since January, and put auto renew at cron. But the cert can't renew

rg305 · May 8, 2023, 7:19am

Show outputs:
traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute -T -p 443 acme-staging-v02.api.letsencrypt.org

Bruce5051 · May 8, 2023, 2:47pm

"Let's encrypt blocked my IP, Please allowed it"

I really do not believe Let's Encrypt is blocking your IP Address; using the online tool Let's Debug and using the HTTP-01 challenge of the Challenge Types - Let's Encrypt yields https://letsdebug.net/nextcloud.independencenetwork.id/1472591

All OK!
OK

No issues were found with nextcloud.independencenetwork.id. If you are having problems with creating an SSL certificate, please visit the Let's Encrypt Community forums and post a question there.

~~Which demonstrates your IP Address is very likely not being blocked by Let's Encrypt.~~

rg305 · May 9, 2023, 4:16am

I guess the solution was to switch to ZeroSSL.

system · June 8, 2023, 4:16am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Lets Encrypt blocked on 2 IP's I'm using Help	4	379	March 28, 2024
Unable to get a cert Help	10	297	June 14, 2024
Unban ip can’t renew certificate Help	31	137	December 3, 2024
Not able to renew SSL certificates Help	3	406	June 8, 2023
I think my Server IP is blocked or something Help	11	532	September 15, 2023

Let's encrypt blocked my IP, Please allowed it

Related topics