I keep getting

{
    "statusCode": 500,
    "error": "Internal Server Error",
    "message": "'403 Forbidden' error response from package registry at https://epr.elastic.co/categories?kibana.version=8.16.0"
}

while trying to add integrations within Kibana.
Looks like some requests do go through though. After waiting for 10-20 minutes I was able to get the list of available integrations and I can see that there is a valid JSON response from the categories endpoint. I haven't been able to get a valid response apart from this exact 403 when trying to go to the APM integration page:

{
    "statusCode": 500,
    "error": "Internal Server Error",
    "message": "'403 Forbidden' error response from package registry at https://epr.elastic.co/package/apm/8.16.0/"
}

Also, image requests seem to result in the same response:

{
    "statusCode": 500,
    "error": "Internal Server Error",
    "message": "'403 Forbidden' error response from package registry at https://epr.elastic.co/package/aws/2.31.3/img/logo_emr.svg"
}

Hi @savemetenminutes , welcome to our community.

Please test if the machine running Kibana has access:

curl -v 'https://epr.elastic.co/categories?kibana.version=8.16.0'

DNS Resolution Test

nslookup epr.elastic.co

Route Test

traceroute epr.elastic.co

The IP address you are using may be banned.

Check this post for further details.

# curl -v 'https://epr.elastic.co/categories?kibana.version=8.16.0'
*   Trying 34.120.127.130:443...
* TCP_NODELAY set
* Connected to epr.elastic.co (34.120.127.130) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=elastic.co
*  start date: Sep 24 22:54:41 2024 GMT
*  expire date: Dec 23 22:54:40 2024 GMT
*  subjectAltName: host "epr.elastic.co" matched cert's "epr.elastic.co"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5570f258a650)
> GET /categories?kibana.version=8.16.0 HTTP/2
> Host: epr.elastic.co
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403
< content-length: 134
< content-type: text/html; charset=UTF-8
< date: Tue, 19 Nov 2024 19:49:12 GMT
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
* Connection #0 to host epr.elastic.co left intact
<!doctype html><meta charset="utf-8"><meta name=viewport content="width=device-width, initial-scale=1"><title>403</title>403 Forbidden

Thanks for pointing this thread out. I did come across it while researching potential causes for this issue, but I couldn't quite make out what the OP was trying to explain. After browsing further down the thread I noticed people were posting their GeoIP info. Since I'm trying to keep my hosting info private should I PM @carly.richmond? How does PMing work with Elastic representatives? Is Slack the preferred channel?

Hi @savemetenminutes,

Welcome! @leandrojmp is correct that it may be your IP is blocked.

Indeed there is an option to keep your IP private. Let me message you directly and we can investigate.