Good afternoon.Certificate requests do not pass from my server. Support for ISP managers say that my IP address is blacklisted. I fixed it and now on the site https://whatismyipaddress.com/blacklist-check (my ip 148.251.90.228) it is on the green list.Can you help me with this problem?
LOG:
Type: ‘rpc’ Object: ‘query’ Value: ‘query: Couldn’t connect to server’
url: https://acme-v02.api.letsencrypt.org/directory
PING
[root@CentOS-76-64-minimal ~]# ping acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
^C
— ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics —
5 packets transmitted, 0 received, 100% packet loss, time 3999ms
My domain is: pittools.ru
I ran this command:
It produced this output:
My web server is (include version): APACHE FAST SGI
The operating system my web server runs on is (include version):CentOS-76-64-minimal
My hosting provider, if applicable, is: HETZNER.DE
I can login to a root shell on my machine (yes or no, or I don’t know): YES, I AM ROOT user
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
ISP MANAGER 5 (module lets,encript
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
Hi,
What’s the output of the command curl https://acme-v02.api.letsencrypt.org/directory
?
P.S. If this is really a blacklist issue, you might need to contact CloudFlare since they are the IP’s origin (and might blocked your IP)
Thank you
stevenzhu:
What’s the output of the command curl https://acme-v02.api.letsencrypt.org/directory
?
P.S. If this is really a blacklist issue, you might need to contact CloudFlare since they are the IP’s origin (and might blocked your IP)
Thank you
curl: (7) Failed connect to acme-v02.api.letsencrypt.org:443 ; Operation now in progress
I created a topic on cloudfare and as a result they sent me back to you, see the information that we discussed with them.
Complete!
[root@CentOS-76-64-minimal ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 static.161.90.251.148.clients.your-server.de (148.251.90.161) 1.988 ms 1.984 ms 2.003 ms
2 core24.fsn1.hetzner.com (213.239.229.13) 0.993 ms 0.299 ms core23.fsn1.hetzner.com (213.239.229.9) 0.302 ms
3 core1.fra.hetzner.com (213.239.203.153) 4.891 ms core0.fra.hetzner.com (213.239.252.37) 5.098 ms core5.fra.hetzner.com (213.239.224.250) 5.860 ms
4 core9.fra.hetzner.com (213.239.252.18) 5.270 ms core9.fra.hetzner.com (213.239.224.174) 5.058 ms 5.065 ms
5 162.158.84.254 (162.158.84.254) 6.065 ms 5.633 ms 6.054 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Hi @vovafrost2020
reduce your MTU. May be that's 1500, reduce it to 1300 or 1100.
Doesn't look like a Letsencrypt block (and I don't think Letsencrypt blocks ip addresses).
Should look like
D:\temp>tracert -4 acme-v02.api.letsencrypt.org
1 <1 ms <1 ms <1 ms fritz.box [192.168.0.1]
2 4 ms 4 ms 4 ms 62.155.240.117
3 6 ms 6 ms 6 ms 217.239.55.26
4 6 ms 6 ms 6 ms 217.239.55.26
5 6 ms 6 ms 6 ms lag-10.edge4.Berlin1.Level3.net [4.68.73.5]
6 6 ms 7 ms 6 ms ae-2-3602.edge3.Berlin1.Level3.net [4.69.159.5]
7 7 ms 7 ms 7 ms unknown.Level3.net [212.162.40.34]
8 7 ms 6 ms 7 ms 172.65.32.248
in hetzner network all ok
root@CentOS-76-64-minimal ~]# mtr -n -r -c 100 acme-v02.api.letsencrypt.org
Start: Fri Mar 20 09:43:34 2020
HOST: CentOS-76-64-minimal Loss% Snt Last Avg Best Wrst StDev
1.|-- 2a01:4f8: 20:b 0.0% 100 0.5 0.5 0.2 3.1 0.4
2.|-- 2a01:4f8:0:3::179 0.0% 100 0.4 2.5 0.4 46.1 6.4
3.|-- 2a01:4f8:0:3::1b9 0.0% 100 5.1 10.8 4.9 122.2 17.7
4.|-- 2a01:4f8:0:3::2fe 0.0% 100 5.2 10.2 5.2 146.7 16.3
5.|-- 2400:cb00:71:2:2:4940:: 0.0% 100 6.0 7.4 5.7 28.2 4.2
6.|-- ??? 100.0 100 0.0 0.0 0.0 0.0 0.0
There is nothing ok.
Should look like
D:\temp>tracert -6 acme-v02.api.letsencrypt.org
1 <1 ms <1 ms <1 ms fritz.box [2003:e9:ef3f:6700:f2b0:14ff:fe0e:fe2c]
2 5 ms 5 ms 4 ms 2003:0:8003:9800::1
3 * * * Zeitüberschreitung der Anforderung.
4 15 ms 13 ms 13 ms 2003:0:1403:c001::2
5 13 ms 14 ms 13 ms cloudflare-ic-314537-hbg-b1.c.telia.net [2001:2000:3080:e70::2]
6 13 ms 13 ms 13 ms 2606:4700:60:0:f53d:5624:85c7:3a2c
via ipv6.
There is a blocking instance you have to find.
system
Closed
April 19, 2020, 9:48am
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.