Getting 403 denied to elastic.co (for anything: apt refresh, wget, etc)

Our company runs out of several datacenters and we just provisioned a new one in a new region (within USA) and I cannot pull from elastic.co from this site.

The below commands work perfectly fine for any other site within my organization....

ubuntu@host.site121:~$ sudo apt update

Err:1 https://artifacts.elastic.co/packages/7.x/apt stable InRelease
  403  Forbidden [IP: 34.120.127.130 443]
Get:2 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:3 http://mirrors.namecheap.com/ubuntu focal InRelease
Hit:4 http://mirrors.namecheap.com/ubuntu focal-updates InRelease
Hit:5 http://mirrors.namecheap.com/ubuntu focal-backports InRelease
Reading package lists... Done
E: Failed to fetch https://artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease  403  Forbidden [IP: 34.120.127.130 443]
E: The repository 'https://artifacts.elastic.co/packages/7.x/apt stable InRelease' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
ubuntu@host.site121:~$ wget https://artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease

--2022-03-31 00:01:02--  https://artifacts.elastic.co/packages/7.x/apt/dists/stable/InRelease
Resolving artifacts.elastic.co (artifacts.elastic.co)... 34.120.127.130, 2600:1901:0:1d7::
Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-03-31 00:01:02 ERROR 403: Forbidden.
ubuntu@host.site121:~$ wget https://artifacts.elastic.co

--2022-03-31 00:05:47--  https://artifacts.elastic.co/
Resolving artifacts.elastic.co (artifacts.elastic.co)... 34.120.127.130, 2600:1901:0:1d7::
Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-03-31 00:05:47 ERROR 403: Forbidden.

When I run the above commands from any other site it works fine.

Could it be this external IP is banned? This is a new site for my company and the external IP was just recently provisioned.

It could be, what is the IP range you are coming from?

I can't post that publicly. Is there a way I can share it with a team member directly?

DM it to me if you want.

1 Like

Unsure to be honest as it looks like it's geolocated in the US, which we aren't blocking.

Problem accessing charts and artifacts from hetzner.de servers - #4 by spinscale seems related. We'll see what we can figure out.

Thanks. If there is anything I can do to help troubleshoot on my side, please let me know. I think I'm stuck for now unless I get fancy with some sort of proxy.

Pretty sure this exact same site was able to do an "apt update" (including elastic repo) last week.

1 Like

I just tried again this morning and it's working now. Nothing changed on my side :person_shrugging:

Appreciate the attentiveness and thanks if any fixes were made

1 Like

I am getting the same error while trying to install Elasticsearch. Is there any workaround for this?


Err:4 https://artifacts.elastic.co/packages/oss-7.x/apt stable InRelease                            
  403  Forbidden [IP: 2600:1901:0:1d7:: 443]
Reading package lists... Done
E: Failed to fetch https://artifacts.elastic.co/packages/oss-7.x/apt/dists/stable/InRelease  403  Forbidden [IP: 2600:1901:0:1d7:: 443]
E: The repository 'https://artifacts.elastic.co/packages/oss-7.x/apt stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

2 Likes

This is happening again. Totally random. Same site, same IP :frowning:

@warkolm FYI ^ ... Not sure if you took any action last time. We have Ansible run apt update several times a week, but nothing crazy. We have dozens of other sites that do the same, the issue is just this one site.

the same here, cannot download, cannot build openstack packages (kolla). Also cannot download elastic on any devices like smart phones.

Are Russian IPs banned now?

Correct, we are banning Russian IPs from accessing our software.

We are Norwegian company, and it works on and off at times, with error 403. We're not in Russia, it means you have some problems with your GeoIP database. Please fix it, we wanted to upgrade existing ELK cluster but now we're forced to wait. We want to trust Elastic, but if this continues we'll probably go for Splunk.

Show us that you're trustworthy and able to provide good quality for community. Like RIPE or ICANN did and stayed away from politics, being professional. In any case, western countries should not be blocked, fix this screw up please.

2 Likes

Hello! I'm a developer from Uzbekistan. Trying to install elk on my server (ip: 82.148.4.79). Unfortunately I receive the same error: Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.

HTTP request sent, awaiting response... 403 Forbidden.
Is it a bug?

What the hell have you blocked? Production servers cannot access the repository!
City: Schwerzenbach
Region: Zurich
Country: Switzerland
External IP 194.11.129.X