Suspect IP is blocked?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
curl -i

It produced this output:
curl: (35) Recv failure: Connection reset by peer

My web server is (include version):
Apache 2.4.6

The operating system my web server runs on is (include version):
Centos 7

My hosting provider, if applicable, is:
Binary Lane

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes - Virtualmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0

I've tested this from my server and from my local computer with VPN connected. Everything was working fine until very recently. No configuration changes. All of a sudden we can't get certificates issued.

1 Like

I can check if an IP is blocked but you’ll have to post what IP you’d like checked.

I don’t think we’ve blocked any IPs recently, though.



1 Like

The reason I suspected an IP block is this command does different things depending on whether I'm connected to my office network or not:

connected via one of the IPs previously listed:

ccarey:~$> curl -i
curl: (35) Recv failure: Connection reset by peer

connected via 5G hotspot:

ccarey:~$> curl -i
HTTP/2 200 
server: nginx
date: Mon, 30 Oct 2023 05:24:53 GMT
content-type: application/json
content-length: 752
cache-control: public, max-age=0, no-cache
x-frame-options: DENY
strict-transport-security: max-age=604800

  "keyChange": "",
  "kpfWrYICk4k": "",
  "meta": {
    "caaIdentities": [
    "termsOfService": "",
    "website": ""
  "newAccount": "",
  "newNonce": "",
  "newOrder": "",
  "renewalInfo": "",
  "revokeCert": ""

it's a bit inconsistent, though - it fails/times out even without the VPN about half the time. is on Cloudflare.
Maybe there is some issue there???
Recall that CF is a global CDN and different paths reach different systems.
Maybe only one, or a few, are having this problem.


@fireflyoz, do you need a cert right away?


I'm having the same issue on my Linode servers.

Running certbot --force-renew was getting Connection reset by peer errors.

I kept running the command and eventually an attempt worked.

After a working attempt, I tried again and continued to get Connection reset by peer.

@CrowdCon, please open a separate topic thread for your issue.
Also: Don't use --force-renew unless you know when/why it is used and you actually need to use it.


This connects fine

curl -I

I don't need a cert immediately -- do you think it's a transient server-side problem that might clear on its own?


Yes, I do.


I've been having a similar issue with TLS stalling, also in Australia (ISP is Telstra). You can try your luck with --server

Cloudflare Status


Well, that Cloudflare issue shows resolved today, and the problem at my end seems to have gone away, which is a big relief!

Thanks all for checking this out.


Historically, nearly every "IP Block" complaint here has been due to routing misconfigurations on a network belonging to the Client (LetsEncrypt Subscriber) or their ISP.

IP Blocks do happen, but are rare. Checking networks to see where the connectivity drops off should be the first step in troubleshooting.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.