We have an issue with the generation of Let's Encrypt SSL certificates for the domains of our clients hosted on our server.
The solution used is Plesk under Linux, and at each generation attempt the following error is displayed:
Could not issue an SSL/TLS certificate for vkconsulting.dz
Details
Could not issue a Let's Encrypt SSL/TLS certificate for vkconsulting.dz.
Please try again later or report the issue to support.
Details
Could not obtain directory: cURL error 7: Failed to connect to 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable (see libcurl - Error Codes)
Several actions have been implemented by our security team, which are:
the deactivation of the anti-DDoS
whitelisting of the Let's Encrypt server addresses.
But the issue still persists, and we highly doubt that the IP of our server is blocked or blocklisted, because another server in the same address pool as this server does not have any problems when generating or renewing.
Below are the results of curl/telnet and also traceroute toward the Let's Encrypt IP 172.65.32.248: there are 2 traceroute tests, with the Plesk Linux ssl1 server with the issue and the Plesk ssl0 server with no issue.
Thank you for your quick response. Yeah, the error message shows that the failure is on IPv6,
but the curl / telnet / traceroute are based on IPv4 and the server cannot reach the IP server of Let's Encrypt.
That's why we suspect that there is a block from Let's Encrypt or restrictions are made to our server IP, since the other Plesk server is not facing the same issue (IPs are on the same subnets, security applied is identical).
Hello, those are the results of the commands for the 2 servers, ssl1 with the issue and ssl0 with no issue. I can see that the packets are correctly routed on the ssl0 server.
That confirms you can reach the LE server using IPv4. The error was caused by using IPv6 though. What ACME client are you using to request the cert? Is it the Plesk extension?
And, did you ever get the IPv6 problem resolved? Because your first post has your Plesk system trying IPv6.
Let's Encrypt ACME servers have both IPv4 and IPv6 addresses in the DNS. Do you need to tell Plesk not to use the IPv6 address if you don't have your network configured for it? (I saw an old bug in the Plesk extension about this)
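Added example, not written by any participant in this thread: a Python sketch that reads the address family out of the cURL error quoted in the first post and then tests a dual-stack host over IPv4 and IPv6 separately, so an IPv6-only failure is not hidden by IPv4 tests that pass. The function names `failing_family` and `probe` are hypothetical, and the hostname to probe is supplied by the operator.

```python
import ipaddress
import re
import socket
import sys

# Matches the connect failure text that libcurl-based clients report.
CURL_ERR = re.compile(r"cURL error (\d+): Failed to connect to (\S+?): (.+?)(?: \(|$)")

def failing_family(message):
    """Return (curl_code, 'IPv4' or 'IPv6', reason) for a cURL connect error, else None."""
    m = CURL_ERR.search(message)
    if not m:
        return None
    addr = ipaddress.ip_address(m.group(2))
    return int(m.group(1)), f"IPv{addr.version}", m.group(3)

def probe(host, port=443, timeout=5,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Attempt one TCP connect per address family and report each result separately."""
    results = {}
    for family, name in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        try:
            addr = resolve(host, port, family, socket.SOCK_STREAM)[0][4][0]
            connect((addr, port), timeout=timeout).close()
            results[name] = "ok"
        except OSError as exc:  # covers DNS failure, unreachable network, timeout
            results[name] = f"failed: {exc}"
    return results

if __name__ == "__main__":
    # Error text exactly as quoted in the first post.
    msg = ("Could not obtain directory: cURL error 7: Failed to connect to "
           "2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable "
           "(see libcurl - Error Codes)")
    print(failing_family(msg))
    if len(sys.argv) > 1:  # hostname supplied by the operator, e.g. the ACME directory host
        print(probe(sys.argv[1]))
```

A result of `ok` for IPv4 and `failed` for IPv6 on the affected server, while the working server shows `ok` for both or has no IPv6 route in use, points at local IPv6 configuration and not at a block on the IPv4 address.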
Will watch. They said they disabled IPv6 and all the other tests defaulted to IPv4. Still, you are right. I probably should have said to try both of these (or used -v to see what was used):