My IP seems to have been banned

LorenDB · December 14, 2023, 2:35am

I seem to have been blacklisted by Let's Encrypt. This is probably because I've been restarting caddy a lot as I'm setting up my server. Could that be looked into?

I've run commands that I've seen on Can't connect to acme-v02.api.letsencrypt.org, and I think I have the same problem that the OP in that thread was having.

My domain is: segfault.foo

I ran this command: docker compose up -d caddy

It produced this output:

{"level":"info","ts":1702520190.4867167,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":443}
{"level":"info","ts":1702520190.4902906,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["segfault.foo","nextcloud.segfault.foo","matrix.segfault.foo","vault.segfault.foo","mail.segfault.foo"]}
{"level":"info","ts":1702520190.490854,"logger":"tls.obtain","msg":"acquiring lock","identifier":"segfault.foo"}
{"level":"info","ts":1702520190.4909043,"logger":"tls.obtain","msg":"acquiring lock","identifier":"nextcloud.segfault.foo"}
{"level":"info","ts":1702520190.4909377,"logger":"tls.obtain","msg":"acquiring lock","identifier":"matrix.segfault.foo"}
{"level":"info","ts":1702520190.4910824,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mail.segfault.foo"}
{"level":"info","ts":1702520190.4911695,"logger":"tls.obtain","msg":"acquiring lock","identifier":"vault.segfault.foo"}
{"level":"warn","ts":1702520190.5096452,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"4776029c-c8ea-4812-88cb-0a1b2933626c","try_again":1702606590.5096433,"try_again_in":86399.999999161}
{"level":"info","ts":1702520190.5097156,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1702520190.5428674,"logger":"tls.obtain","msg":"lock acquired","identifier":"nextcloud.segfault.foo"}
{"level":"info","ts":1702520190.5428746,"logger":"tls.obtain","msg":"lock acquired","identifier":"mail.segfault.foo"}
{"level":"info","ts":1702520190.5428655,"logger":"tls.obtain","msg":"lock acquired","identifier":"vault.segfault.foo"}
{"level":"info","ts":1702520190.5428758,"logger":"tls.obtain","msg":"lock acquired","identifier":"matrix.segfault.foo"}
{"level":"info","ts":1702520190.5429904,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"mail.segfault.foo"}
{"level":"info","ts":1702520190.5430102,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"nextcloud.segfault.foo"}
{"level":"info","ts":1702520190.5430696,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"matrix.segfault.foo"}
{"level":"info","ts":1702520190.542876,"logger":"tls.obtain","msg":"lock acquired","identifier":"segfault.foo"}
{"level":"info","ts":1702520190.5430841,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vault.segfault.foo"}
{"level":"info","ts":1702520190.5432212,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"segfault.foo"}
{"level":"warn","ts":1702520220.544093,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1702520250.7953544,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1702520281.0464087,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1702520281.0465562,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vault.segfault.foo","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [mailto:computersemiexpert@outlook.com] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1702520291.3977273,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vault.segfault.foo","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout"}
{"level":"error","ts":1702520291.3978453,"logger":"tls.obtain","msg":"will retry","error":"[vault.segfault.foo] Obtain: account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout","attempt":1,"retrying_in":60,"elapsed":100.85489148,"max_duration":2592000}
{"level":"warn","ts":1702520311.0470743,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1702520341.2978137,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"info","ts":1702520351.3991094,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vault.segfault.foo"}
{"level":"warn","ts":1702520371.548644,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1702520371.5487475,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.segfault.foo","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [mailto:computersemiexpert@outlook.com] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1702520381.8396783,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.segfault.foo","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout"}
{"level":"error","ts":1702520381.83978,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud.segfault.foo] Obtain: account pre-registration callback: performing EAB credentials request: Post \"https://api.zerossl.com/acme/eab-credentials-email\": net/http: TLS handshake timeout","attempt":1,"retrying_in":60,"elapsed":191.296899398,"max_duration":2592000}
{"level":"warn","ts":1702520401.5496554,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1702520431.8014088,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"info","ts":1702520441.8405747,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"nextcloud.segfault.foo"}
{"level":"warn","ts":1702520442.0568674,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.1.1:53: read udp 192.168.1.143:42898->192.168.1.1:53: i/o timeout"}
{"level":"error","ts":1702520442.0569594,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"mail.segfault.foo","issuer":"acme-v02.api.letsencrypt.org-directory","error":"registering account [mailto:computersemiexpert@outlook.com] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.1.1:53: read udp 192.168.1.143:42898->192.168.1.1:53: i/o timeout"}

My web server is (include version): caddy 2.7.6

The operating system my web server runs on is (include version): openSUSE Tumbleweed

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): IDK, whatever caddy provides

webprofusion · December 14, 2023, 3:16am

This error says your DNS query for acme-v02.api.letsencrypt.org on the local network is timing out.

Let's Encrypt have previously stated that they only have a handful of actual IP blocks, so the likelihood if your IP being blocked is almost zero.

You should investigate whether you have basic network connectivity first. Try

curl https://acme-v02.api.letsencrypt.org/directory

which should return something like

{
  "dIyRK7rj1x0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}

If that doesn't work try
curl https://google.com to confirm normal outgoing https works, and try curl -I https://speed.cloudflare.com to check basic connectivity to cloudflare works.

LorenDB · December 14, 2023, 3:26am

Funny, Caddy started working again. I guess it's the law of the internet that once you ask about it, it starts working again. Thanks for the quick response though!

system · January 13, 2024, 3:26am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I think my home IP is blocked for my Caddy server Help	12	498	June 10, 2024
Need unblock my IP---thanks for your help Help	9	917	November 10, 2019
Check if IP is blocked HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Help	9	697	October 26, 2023
Need unblock IP Help	32	3777	November 14, 2019
IP has been blocked Help	7	2380	November 6, 2019

My IP seems to have been banned

Related topics