My IP seems to have been banned

I seem to have been blacklisted by Let's Encrypt. This is probably because I've been restarting caddy a lot as I'm setting up my server. Could that be looked into?

I've run commands that I've seen on "Can't connect to acme-v02.api.letsencrypt.org", and I think I have the same problem that the OP in that thread was having.

My domain is: segfault.foo

I ran this command: docker compose up -d caddy

It produced this output:

{"level":"info","ts":1702520190.4867167,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":443}
{"level":"info","ts":1702520190.4902906,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["segfault.foo","nextcloud.segfault.foo","matrix.segfault.foo","vault.segfault.foo","mail.segfault.foo"]}
{"level":"info","ts":1702520190.490854,"logger":"tls.obtain","msg":"acquiring lock","identifier":"segfault.foo"}
{"level":"info","ts":1702520190.4909043,"logger":"tls.obtain","msg":"acquiring lock","identifier":"nextcloud.segfault.foo"}
{"level":"info","ts":1702520190.4909377,"logger":"tls.obtain","msg":"acquiring lock","identifier":"matrix.segfault.foo"}
{"level":"info","ts":1702520190.4910824,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mail.segfault.foo"}
{"level":"info","ts":1702520190.4911695,"logger":"tls.obtain","msg":"acquiring lock","identifier":"vault.segfault.foo"}
{"level":"warn","ts":1702520190.5096452,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"4776029c-c8ea-4812-88cb-0a1b2933626c","try_again":1702606590.5096433,"try_again_in":86399.999999161}
{"level":"info","ts":1702520190.5097156,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1702520190.5428674,"logger":"tls.obtain","msg":"lock acquired","identifier":"nextcloud.segfault.foo"}
{"level":"info","ts":1702520190.5428746,"logger":"tls.obtain","msg":"lock acquired","identifier":"mail.segfault.foo"}
{"level":"info","ts":1702520190.5428655,"logger":"tls.obtain","msg":"lock acquired","identifier":"vault.segfault.foo"}
{"level":"info","ts":1702520190.5428758,"logger":"tls.obtain","msg":"lock acquired","identifier":"matrix.segfault.foo"}
{"level":"info","ts":1702520190.5429904,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mail.segfault.foo"}
{"level":"info","ts":1702520190.5430102,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"nextcloud.segfault.foo"}
{"level":"info","ts":1702520190.5430696,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"matrix.segfault.foo"}
{"level":"info","ts":1702520190.542876,"logger":"tls.obtain","msg":"lock acquired","identifier":"segfault.foo"}
{"level":"info","ts":1702520190.5430841,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vault.segfault.foo"}
{"level":"info","ts":1702520190.5432212,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"segfault.foo"}
{"level":"warn","ts":1702520220.544093,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1702520250.7953544,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1702520281.0464087,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1702520281.0465562,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vault.segfault.foo","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [mailto:computersemiexpert@outlook.com] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1702520291.3977273,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vault.segfault.foo","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout"}
{"level":"error","ts":1702520291.3978453,"logger":"tls.obtain","msg":"will retry","error":"[vault.segfault.foo] Obtain: account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout","attempt":1,"retrying_in":60,"elapsed":100.85489148,"max_duration":2592000}
{"level":"warn","ts":1702520311.0470743,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1702520341.2978137,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"info","ts":1702520351.3991094,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vault.segfault.foo"}
{"level":"warn","ts":1702520371.548644,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1702520371.5487475,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.segfault.foo","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [mailto:computersemiexpert@outlook.com] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1702520381.8396783,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.segfault.foo","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout"}
{"level":"error","ts":1702520381.83978,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud.segfault.foo] Obtain: account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout","attempt":1,"retrying_in":60,"elapsed":191.296899398,"max_duration":2592000}
{"level":"warn","ts":1702520401.5496554,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1702520431.8014088,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"info","ts":1702520441.8405747,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"nextcloud.segfault.foo"}
{"level":"warn","ts":1702520442.0568674,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.1.1:53: read udp 192.168.1.143:42898->192.168.1.1:53: i/o timeout"}
{"level":"error","ts":1702520442.0569594,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mail.segfault.foo","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [mailto:computersemiexpert@outlook.com] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.1.1:53: read udp 192.168.1.143:42898->192.168.1.1:53: i/o timeout"}

My web server is (include version): caddy 2.7.6

The operating system my web server runs on is (include version): openSUSE Tumbleweed

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): IDK, whatever caddy provides

This error says your DNS query for acme-v02.api.letsencrypt.org on the local network is timing out.

Let's Encrypt have previously stated that they only have a handful of actual IP blocks, so the likelihood of your IP being blocked is almost zero.

You should investigate whether you have basic network connectivity first. Try

curl https://acme-v02.api.letsencrypt.org/directory

which should return something like

{
  "dIyRK7rj1x0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}

If that doesn't work, try curl https://google.com to confirm normal outgoing HTTPS works, and try curl -I https://speed.cloudflare.com to check basic connectivity to Cloudflare works.

5 Likes
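The same triage can be read off the Caddy log itself by bucketing each timeout by the layer that failed. This is an added example, not part of the original posts or of Caddy; the sample lines are constructed (shortened from the log above), and treating resolver timeouts or timeouts to several unrelated hosts as a local network fault is this example's own assumption.

```python
import json
import re
from collections import Counter

# Constructed sample: shortened copies of the line shapes in the log above.
SAMPLE = [
    r'{"level":"info","msg":"obtaining certificate"}',
    r'{"level":"warn","error":"Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded"}',
    r'{"level":"error","error":"Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout"}',
    r'{"level":"warn","error":"Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.1.1:53: read udp 192.168.1.143:42898->192.168.1.1:53: i/o timeout"}',
]

# Checked in order: a failed lookup is a DNS fault even though it is
# reported inside an HTTP request error.
LAYERS = [
    ("dns", re.compile(r"lookup \S+ on (\S+):53: .*i/o timeout")),
    ("tls", re.compile(r"TLS handshake timeout")),
    ("http", re.compile(r"context deadline exceeded")),
]
URL_HOST = re.compile(r'https://([^/"]+)')

def classify(line):
    """Return (layer, peer) for a warn/error line that timed out, else None."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return None  # tolerate non-JSON lines mixed into container output
    if not isinstance(entry, dict) or entry.get("level") not in ("warn", "error"):
        return None
    err = entry.get("error", "")
    for layer, pattern in LAYERS:
        hit = pattern.search(err)
        if hit:
            # For DNS the peer is the resolver; otherwise the host in the URL.
            url = URL_HOST.search(err)
            peer = hit.group(1) if layer == "dns" else (url.group(1) if url else "?")
            return layer, peer
    return None

def summarize(lines):
    """Count timeouts per (layer, peer) and flag a likely local fault."""
    counts = Counter(c for c in map(classify, lines) if c)
    remote = {peer for layer, peer in counts if layer != "dns"}
    # Assumption of this example: resolver timeouts, or timeouts to more
    # than one unrelated host, point at the local network.
    local_fault = any(layer == "dns" for layer, _ in counts) or len(remote) > 1
    return counts, local_fault

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feed it the container's log lines (for example the output of docker compose logs caddy, one JSON object per line) in place of SAMPLE.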

Funny, Caddy started working again. I guess it's the law of the internet that once you ask about it, it starts working again. Thanks for the quick response though!

2 Likes
