Possibly blocked IP address

Hello!
I believe that my server's IP address may be blocked. For a while now, my server has been unable to connect to the Let's Encrypt server.
It is showing the following error message:

curl -v https://acme-v02.api.letsencrypt.org/directory

  • Trying 172.65.32.248...
  • TCP_NODELAY set
  • Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, [no content] (0):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=acme-v02.api.letsencrypt.org
  • start date: May 1 18:14:19 2023 GMT
  • expire date: Jul 30 18:14:18 2023 GMT
  • subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
  • issuer: C=US; O=Let's Encrypt; CN=R3
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • Using Stream ID: 1 (easy handle 0x5592ff0046b0)
  • TLSv1.3 (OUT), TLS app data, [no content] (0):

GET /directory HTTP/2
Host: acme-v02.api.letsencrypt.org
User-Agent: curl/7.61.1
Accept: */*

I am running the test above from the shell, on "CloudLinux 8.7".

When I try to activate Let's Encrypt through cPanel "WHM", I get the following error:

API failure: Net::ACME2::x::HTTP::Network: The system failed to send an HTTP “GET” request to “https://acme-v02.api.letsencrypt.org/directory” because of an error: SSL connection failed for acme-v02.api.letsencrypt.org: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed ...propagated at /usr/local/cpanel/3rdparty/perl/536/cpanel-lib/Net/ACME2/HTTP.pm, line 225

Note that it was working normally, but it stopped working about 20 days ago.

If anyone can help!

Thank you!

1 Like

That error message makes it clear that you can connect to the Let's Encrypt server. Whatever the problem is, it isn't that your IP is blocked (and that's almost never the problem).

8 Likes

This could be due to some misconfiguration of the client, like configuring a nonstandard trust store meant for some internal use.

The curl command shows you aren't blocked and your system generally trusts Let's Encrypt.

7 Likes
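
One way a chain can verify for curl and still fail in another client on the same host is that the two use different CA bundles; the sketch below reproduces that offline. It is an added example, not part of the original thread: the certificates are constructed throwaways made with the openssl CLI, and the names `public`, `internal`, `system-like` and `client-private` are invented for the demonstration.

```shell
#!/bin/sh
# Added example: one leaf certificate, two CA bundles, two different verdicts.
# Every certificate is a constructed throwaway; nothing contacts the network.

# verdict BUNDLE CERT -> prints "trusted" or "verify-failed" for CERT,
# verified with BUNDLE passed to openssl as the CA file.
verdict() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo verify-failed
    fi
}

# make_root DIR NAME -> self-signed root at DIR/NAME.pem (key in DIR/NAME.key).
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed $2 Root" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA -> leaf certificate DIR/leaf.pem signed by root DIR/CA.pem.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=acme.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -days 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/leaf.pem" 2>/dev/null
}

# demo -> prints the verdict for the same leaf under each bundle.
demo() {
    d=$(mktemp -d) || return 1
    make_root "$d" public && make_root "$d" internal \
        && make_leaf "$d" public || return 1
    # system-like.pem stands in for the OS bundle curl used; client-private.pem
    # for a client pointed at a private store that lacks the issuing root.
    cat "$d/public.pem" "$d/internal.pem" > "$d/system-like.pem"
    cp "$d/internal.pem" "$d/client-private.pem"
    echo "system-like=$(verdict "$d/system-like.pem" "$d/leaf.pem")" \
         "client-private=$(verdict "$d/client-private.pem" "$d/leaf.pem")"
    rm -rf "$d"
}

demo
```

On a real host, the equivalent check is to repeat the verification with the CA file the failing client is configured to use in place of `/etc/pki/tls/certs/ca-bundle.crt`.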

Try obtaining a cert from another free CA.

3 Likes
