Server cannot issue let's encrypt certificate

Hello Team,

we have an issue about the generation of ssl certificates let’s encrypt for the domains of our clients hosted under our server,
The solution used is plesk under linux and at each generation temptation the following error is displayed;

Could not issue an SSL/TLS certificate for

Could not issue a Let's Encrypt SSL/TLS certificate for

Failed to connect to the Let's Encrypt server

Please try again later or report the issue to support.


Could not obtain directory: cURL error 7: Failed to connect to 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable (see libcurl - Error Codes)

several actions have been implemented by our security team which are:

  • the deactivation of the anti-ddos
  • whitelist of server addresses let’s encrypt,

But the issue still persist , and we highly doubt that the IP of our server is blocked or blocklisted because another server in the same address pool that this server does not have any problems when generating or renewing

below are the result of curl/ telnet also traceroute toward IP let's encrypt : there are 2 traceroute test with plesk linux ssl1 server with the issue & plesk ssl0 with no issue

Please provide us a quick support on the above ,

Many thanks !!!

1 Like

Hi @mohamed95, and welcome to the LE community forum :slight_smile:

Your tests are all on IPv4.
But the failure is via IPv6:

Addresses: 2606:4700:60:0:f53d:5624:85c7:3a2c

Your system is trying to use IPv6 to reach LE.


Hello @rg305 ,

Thank you for your quick response , yeah the error message shows that the failure is on IPV6 ,

But the curl / telnet / traceroute are based on IPv4 and the server cannot reach the IP server of let's encrypt

that's why suspect that there is block from let's encrypt or restrictions are made to our server IP since the other plesk server is not facing the same issue (IPs are on the same subnets, securtity applied is identical ,

Looking forward to your comments ,

1 Like

Then there may be multiple problems [IPv6 and IPv4].

traceroute -T -p 443
traceroute --mtu -enf 5 -T -p 443


Hello @rg305,

This is duly noted , we will share the results asap ,
As i said above , we suspect that there is a restrictions from LE side on our server ,

I will revert back shortly,

thank you again

1 Like

Hello , those are the results of the commands : for the 2 servers ssl1 with issue ,and ssl0 with no issue , i can see that the packets are correctly routed on the ssl0 server

Your feedback will be much appreciated

That confirms you can reach the LE server using IPv4. The error was caused by using IPv6 though. What ACME client are you using to request the cert? Is it the Plesk extension?

Also, what does this show

curl -6 -vvv

Only show first 10 lines or so if the result is an HTTP 200 response


Hello Mike ,

yes it is via an extension installed on our plesk named sslit


For the command , i will revert back soon ,

hello Team,

The result of curl ipv6

appending your reply

That's the same error you showed from the Plesk extension in your first post.

So, you either need to fix your IPv6 config or find how to make that extension use IPv4 instead.


Does IPv6 work on your system?
If not, you should fix it, or stop using it [remove it].


Hello Team,

Thank you for your response , but we did notice that the blocking to the LE server is random from our plesk linux

sometimes it works and sometimes it doesn’t , as you see below , and highly suspect that there is a block from LE ,

We have checked with our security team , all restrictions has been removed in order to check but unfortunetly the issue still persist

We appreciate your help

1 Like

I'm not sure how a block from LE would result in on/off-like behaviour? If LE blocked your IP address, it just wouldn't work, right?


And, did you ever get the IPv6 problem resolved? Because your first post has your Plesk system trying IPv6.

Let's Encrypt ACME servers have both IPv4 and IPv6 addresses in the DNS. Do you need to tell Plesk not to use the IPv6 address if you don't have your network configured for it? (I saw an old bug in the Plesk extension about this)


Hello Mike ,

The IPv6 service was stopped but the issue still persist unfortunetly ,


Those tests look like intermittent network failures affecting outbound requests.

Your first nc test worked but the second failed
Your first telnet test worked but the second failed
Your one ping test failed

What if you try some other outbound requests like:

curl -I
1 Like

Note that might return IPv4 and IPv6 addresses.:

Addresses: 2606:4700:4700::1111

A human mind might read and see an IPv4 address of [only].

1 Like

Will watch. They said they disabled IPv6 and all the other tests defaulted to IPv4. Still, you are right. I probably should have said to try both of these (or used -v to see what was used):

curl -I4
curl -I6

Milage May Vary:


[Blocked for ADULT content! - LOL]


I'm sure some passes through Cloudflare <g>
although I doubt poster is using that DNS server

@mohamed95 So let's try this domain instead. Just curious about your connections as you have made some changes (this domain also uses Cloudflare)

curl -4
curl -6