My server IP probably blocked

Help
1

Good afternoon everyone.

Apparently my server's IP address is blocked.
My IP: 46.48.139.94.
Output from

  1. curl https://acme-v02.api.letsencrypt.org/directory is:
    curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443 after 21064 ms: Couldn't connect to server

  2. tracert acme-v02.api.letsencrypt.org is:

Traceroute to ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com [172.65.32.248]
with the maximum number of jumps 30:

1 <1 мс <1 мс <1 мс 10.4.0.1
2 14 ms 14 ms 14 ms 46.48.139.93
3 13 ms 14 ms 14 ms 80.73.79.96
4 14 ms 14 ms 14 ms 80.73.79.68
5 14 ms 14 ms 14 ms 80.73.79.64
6 * 112 ms 112 ms 185.140.148.153
7 121 ms 115 ms 114 ms 95.71.2.226
8 111 ms 111 ms 111 ms 172.65.32.248
Tracing is complete.

Ping is working too.

Please help me solve my problem.

2

Hi @Tsiita, and welcome to the LE community forum :slight_smile:

Please show this output instead:
traceroute -T -p 443 acme-v02.api.letsencrypt.org

4 Likes
3

This IPv4 address is not blocked, so it's a networking issue.

7 Likes
4

What keys should I use in tracert on Windows? I haven't Linux in this network. :frowning:

5

hmm...
Does it have?:

  • curl
  • openssl
4 Likes
6

You could install nmap on Windows and use its traceroute function as noted here

Once you have nmap, you can do

nmap -Pn --traceroute -p 443 acme-v02.api.letsencrypt.org

Starting Nmap 7.80 ( https://nmap.org ) at 2023-12-05 17:33 UTC
PORT STATE SERVICE
443/tcp open https

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 ...
2 ...

(the above is from my own nmap on Ubuntu but nmap should work the same on Windows)

4 Likes
7

The other thing you can try is in Powershell:

Test-NetConnection -Port 443 -ComputerName acme-v02.api.letsencrypt.org -InformationLevel Detailed

Not quite as helpful as an actual TCP-based traceroute but may still tell you something, and is hopefully built into your system already.

If your system is having trouble connecting to Let's Encrypt's system there isn't much others here can do. Something to double-check is that there isn't a firewall or router confusing the 172.65 address with the nearby private-IP only space; we've seen that a few times lately.

5 Likes
8

False alarm, dear friends.
I'm so stupid that I didn't configure the firewall rules correctly for a subnet of servers.
Everything works, I deeply apologize to everyone for wasting your time.

6 Likes
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.