Letsencrypt.org not accessible from Iran

Hi.
I cannot visit letsencrypt.org from Iran. When I run curl -L letsencrypt.org I receive 503 service unavailable.
I tried using different network connections and environments. But only when I use a VPN, I can access the website.
Is there any certain policy that blocks connections from Iran? If so why? As you may already know, SSL services are not part of EAR. And if there is not any policy preventing connections from Iran, why is this happening?

P. S. I have not recently tested certificate issuance. I do not know if that works or not.

Hi @aerfanr welcome to the forum.

Unfortunately we have heard and seen this before.

To quote a highly respected member and former certbot engineer, @schoen :

It’s possible that this restriction relates to some of EFF’s other work, which sometimes involves issues that may be controversial in Iran. If there is a restriction, it was applied by Iranian ISPs and not by EFF, which welcomes people in Iran to read our site (and also to download an…

Have look at the link above and possibly run a search or two on the forum for more information.
Maybe another member will have something to add.

This is an unusual situation. I will say what I know here and maybe other users can figure it out.

shecan.ir is a "legal" Iranian service which allows access from inside Iran to the websites than are not censored by Iranian government but are blocked from outside of Iran. And this website claims that Let's Encrypt is blocking access from Iran and I can access letsencrypt.org by using their service.

Iranian government uses all kinds of tricks to censor foreign websites, but I never saw something like this. There is a probability that they are lying; But why? I cannot see the point here. They censor letsencrypt.org and then enable its access using a legal proxy? I don't get it.

Well I hope someone could use this information and figure out a solution. Thanks.

I am fairly certain LetsEncrypt does not block web access from Iran. Some specific types of domains in Iran are ineligible for certificates due to sanctions, but the letsencrypt staff have made is clear in the past that most domains from Iran are able to be issued certificates.

I'd also add that I think my prior comment was about someone not being able to reach https://certbot.eff.org/, which is potentially a different problem from not being able to reach https://letsencrypt.org/, as the two are different legal organizations, different domains, and hosted on different infrastructure (though they do have a relationship with one another).

I’m so sorry about the trouble! Here is an answer from Netlify, which is our Web site’s hosting provider:

This should only be affecting our Web site, not our API (that is, the ability to receive certificates) or OCSP (verifying certificate status).

This issue is no longer reproducible by me. I can access letsencrypt.org from the same environment I used before. but shecan.ir is still reporting letsencrypt.org as blocked because of sanctions.
I do not completely understand the technical aspects of this problem and I only guess the issue was related to Netlify. I hope the issue is fully resolved now.
Thank you for your help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.