Hi!
I installed and configured Suricata in IPS mode. Everything works fine, but Let's Encrypt is blocked.
The web server logs show the following errors:
2023/05/05 04:07:40 [error] 93970#93970: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: r3.o.lencr.org, peer: 87.245.198.155:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:08:40 [error] 93970#93970: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: r3.o.lencr.org, peer: 87.245.198.145:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:08:40 [error] 93970#93970: connect() to [2a02:26f0:6600::17c4:ec19]:80 failed (101: Network is unreachable) while requesting certificate status, responder: r3.o.lencr.org, peer: [2a02:26f0:6600::17c4:ec19]:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:08:40 [error] 93970#93970: connect() to [2a02:26f0:6600::5f65:7712]:80 failed (101: Network is unreachable) while requesting certificate status, responder: r3.o.lencr.org, peer: [2a02:26f0:6600::5f65:7712]:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:23:21 [error] 93970#93970: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: r3.o.lencr.org, peer: 23.196.236.35:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:23:22 [error] 93971#93971: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: r3.o.lencr.org, peer: 23.196.236.35:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:24:21 [error] 93970#93970: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: r3.o.lencr.org, peer: 23.196.236.32:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:24:21 [error] 93970#93970: connect() to [2a00:1c28:2:1256::b905:a0c9]:80 failed (101: Network is unreachable) while requesting certificate status, responder: r3.o.lencr.org, peer: [2a00:1c28:2:1256::b905:a0c9]:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:24:21 [error] 93970#93970: connect() to [2a00:1c28:2:1256::b905:a0d2]:80 failed (101: Network is unreachable) while requesting certificate status, responder: r3.o.lencr.org, peer: [2a00:1c28:2:1256::b905:a0d2]:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:24:22 [error] 93971#93971: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: r3.o.lencr.org, peer: 23.196.236.32:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:24:22 [error] 93971#93971: connect() to [2a00:1c28:2:1256::b905:a0c9]:80 failed (101: Network is unreachable) while requesting certificate status, responder: r3.o.lencr.org, peer: [2a00:1c28:2:1256::b905:a0c9]:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 04:24:22 [error] 93971#93971: connect() to [2a00:1c28:2:1256::b905:a0d2]:80 failed (101: Network is unreachable) while requesting certificate status, responder: r3.o.lencr.org, peer: [2a00:1c28:2:1256::b905:a0d2]:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
2023/05/05 06:06:44 [error] 93970#93970: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: r3.o.lencr.org, peer: 188.43.76.59:80, certificate: "/etc/letsencrypt/live/my.domain.com/fullchain.pem"
I checked all these IP addresses in the rules but they are not there…