Unban ip can’t renew certificate

Help
21

IP bans not active. Even if they were it would result in immediate disconnect not a long timeout.

Your BuyPass connection also fails. Something is definitely wrong with your comms routing.

2 Likes
22

What shows?:
netstat -nr

2 Likes
23

netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

24

I change ip on my router from 92.62.149.126 to 92.62.149.129 and see what happened )))

root@npm:~# curl ifconfig.me
92.62.149.129root@npm:~# curl -v https://acme-v02.api.letsencrypt.org/directory

  • Trying 172.65.32.248...
  • TCP_NODELAY set
  • Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: none
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=acme-v02.api.letsencrypt.org
  • start date: Sep 4 16:03:46 2024 GMT
  • expire date: Dec 3 16:03:45 2024 GMT
  • subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
  • issuer: C=US; O=Let's Encrypt; CN=R10
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • Using Stream ID: 1 (easy handle 0x58e1769a1110)

GET /directory HTTP/2
Host: acme-v02.api.letsencrypt.org
User-Agent: curl/7.64.0
Accept: /

25

as you see all work, I think that 126 ip is blocked or there is another problem on your side

26

I need your help

27

I see you got certs for several subdomains of orenadvocat.ru today

Some of them (media, jelly, plex, ...) have the *.126 IP address in the public DNS.

How did you get the certs for those if .126 IP is not working?

npm.orenadvocat.ru.     300     IN      A       176.28.64.130
shadow.orenadvocat.ru.  300     IN      A       45.143.166.77

orenadvocat.ru.         300     IN      A       92.62.149.126
media.orenadvocat.ru.   300     IN      A       92.62.149.126
jelly.orenadvocat.ru.   300     IN      A       92.62.149.126
plex.orenadvocat.ru.    300     IN      A       92.62.149.126

You can see the cert history at a site like this: https://crt.sh Here is a recent sample

image
image1872×636 203 KB

2 Likes
28

I said that it worked time ago, but now it stoped and I show you logs why it doesn't curl from 126 and work from 129?

29

I receive cert from another ip not 126.

wil end 15.11 and they doesn't update

30

No. All 3 of those renewed today and expire 2025-02-01

2 Likes
31

Your curl to BuyPass also failed.

2 Likes
32

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.