Please unblock IP

I installed a new server with docker / traefik and challenged the wrong hostname which had no DNS record.

Now I think my IP has been blocked (traefik reports: Timeout during connect (likely firewall problem)).

Can you unblock the IP please?


Welcome to the community @KardinalReusen

It is unlikely to get blocked from one failed attempt. What does this show:

curl -Iv
curl -Iv
*   Trying
* Connected to ( port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject:
*  start date: Dec 17 20:26:28 2021 GMT
*  expire date: Mar 17 20:26:27 2022 GMT
*  subjectAltName: host "" matched cert's ""
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x559f3eb6d810)
> HEAD /directory HTTP/2
> Host:
> user-agent: curl/7.80.0
> accept: */*
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
HTTP/2 200 
< server: nginx
server: nginx
< date: Tue, 04 Jan 2022 18:46:10 GMT
date: Tue, 04 Jan 2022 18:46:10 GMT
< content-type: application/json
content-type: application/json
< content-length: 658
content-length: 658
< cache-control: public, max-age=0, no-cache
cache-control: public, max-age=0, no-cache
< replay-nonce: 0101_yFOtmjndD12Z-pbRTswl50zxe9IaBphgqpEtPcRr9Q
replay-nonce: 0101_yFOtmjndD12Z-pbRTswl50zxe9IaBphgqpEtPcRr9Q
< x-frame-options: DENY
x-frame-options: DENY
< strict-transport-security: max-age=604800
strict-transport-security: max-age=604800

* Connection #0 to host left intact

Well... that shows your IP isn't being blocked.


That is good news. Thank you.

The traefik container reports

level=error msg="Unable to obtain ACME certificate for domains \"\": unable to generate a certificate for the domains []: error: one or more domains had a problem:\n[] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem)\n" providerName=mytlschallenge.acme routerName=traefik-dash@docker rule="Host(``)"

Can you help me with this error?

The error shown in OP is a typical error reported by Boulder, so it had nothing to do with being blocked from the ACME API to begin with :wink:

@KardinalReusen It's probably the other way around: you're blocking the validation attempt by the Let's Encrypt validation server. From here I can connect to perfectly on port 80, so maybe you're blocking only certain IP ranges or perhaps a geographical blocklist.


It's a fresh Debian 11 installation. I have not configured any blocking.

The issue isn't your IPv4 ( blocking connections, it's that your IPv6 address (2a02:c207:3004:4324::1) isn't working.

On IPv4:

$ curl -4 -v
*   Trying
* Connected to ( port 80 (#0)
> GET /.well-known/acme-challenge/le-forum-test HTTP/1.1
> Host:
> User-Agent: curl/7.52.1
> Accept: */*
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Tue, 04 Jan 2022 19:20:02 GMT
< Content-Length: 19
404 page not found
* Curl_http_done: called premature == 0
* Connection #0 to host left intact

On IPv6:

$ curl -6 -v
*   Trying 2a02:c207:3004:4324::1...

(And it just hangs never getting a response)
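
The per-family check from the post above, as an added example that is not part of the original thread: it connects to every A and AAAA address of a name separately, so a working IPv4 address cannot mask a dead IPv6 one. The function names, the default port 80 and the 5-second timeout are assumptions made for this example.

```python
import socket
import sys

FAMILIES = ((socket.AF_INET6, "IPv6"), (socket.AF_INET, "IPv4"))


def probe(host, port=80, timeout=5.0):
    """TCP-connect to each published address of host, one family at a time.

    Returns (family, address, outcome) tuples; outcome is "ok", "timeout",
    the OS error text, or "no address record" when the family has no record.
    """
    results = []
    for family, name in FAMILIES:
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            results.append((name, None, "no address record"))
            continue
        for addr in sorted({info[4][0] for info in infos}):
            try:
                with socket.create_connection((addr, port), timeout=timeout):
                    outcome = "ok"
            except socket.timeout:
                # Same symptom as the hanging "curl -6" in the thread.
                outcome = "timeout"
            except OSError as exc:
                outcome = exc.strerror or str(exc)
            results.append((name, addr, outcome))
    return results


def failing(results):
    """Published addresses that did not accept a connection."""
    return [r for r in results if r[1] is not None and r[2] != "ok"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py HOSTNAME")
    rows = probe(sys.argv[1])
    for name, addr, outcome in rows:
        print(f"{name:5} {addr or '-':40} {outcome}")
    # A non-zero exit means at least one A/AAAA record points at an
    # address that does not answer; fix it or remove the record.
    sys.exit(1 if failing(rows) else 0)
```
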


I think that is the problem. There is a problem bringing up the IPv6 address.
Thank you very much for your help.


@petercooperjr Good catch! My telnet tries both IPv6 and IPv4 at the same time and as IPv4 connected, I didn't check IPv6.

Strangely enough my telnet doesn't have a -4 or -6 option. Maybe I'll write a patch :stuck_out_tongue: Edit: Uch, C.. My C is a little bit rusty..


