Official apt repository (451 Unavailable For Legal Reasons)

FYI all, the issue may be partially resolved. I just ran an upgrade, and got through four of my five nodes, then the fifth encountered this error. So if you intend to have your cluster upgraded in its entirety (e.g. if you want Kibana to start up), be careful about beginning the process now. All of my nodes are in SFO2.

I haven't played yet to see whether I can get around the issue somehow.

The issue still exists. DigitalOcean, FRA1.

Likewise in AMS3.

E: Failed to fetch https://artifacts.elastic.co/packages/6.x/apt/dists/stable/InRelease 451 Unavailable For Legal Reasons [IP: 151.101.210.222 443]

Still getting it on my fifth server as well. I scp'd the deb file to get Kibana working without having to leave the server off, but now I can't do backups because installing repository-azure calls out to the same CDN.

This is getting old. Still failing for me as well.

From time to time, IP blocks can be reallocated around the internet, and things like this happen. It's not super common to see such an impact, but I've definitely been hit by similar things with bogon IP ranges in the past.

Our infra team has been working with our CDN provider on this, and the provider has made multiple changes to mitigate issues. I have made them aware of this thread as well so they can follow up.

To work around this problem you can download the plugin zip file and install it locally following those steps.
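A package or plugin copied over from another host and installed with `dpkg -i` or from a local file does not go through apt's repository signature check, so it is worth checking the file against its checksum first. The following is an added example, not part of the original thread; it assumes the `.sha512` file published alongside the artifact was fetched and copied over with it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a side-loaded artifact before installing it.
# Assumption: FILE and FILE.sha512 were both downloaded on a host that can
# reach the CDN and then copied to this host (for example with scp).

# verify_artifact FILE
# Returns 0 if FILE matches FILE.sha512, 1 on mismatch, 2 on missing or
# malformed input.
verify_artifact() {
    file=$1
    sumfile="$file.sha512"
    [ -f "$file" ] || { echo "missing artifact: $file" >&2; return 2; }
    [ -s "$sumfile" ] || { echo "missing checksum file: $sumfile" >&2; return 2; }

    # The checksum file holds "<128 hex chars>  <file name>". Use only the
    # hash so the check does not depend on the name recorded in the file.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    case $expected in
        *[!0-9a-f]*|'') echo "malformed checksum file: $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "malformed checksum file: $sumfile" >&2; return 2; }

    actual=$(sha512sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (do not install)" >&2
    return 1
}

# install_verified_deb FILE
# Runs dpkg only when the checksum matches.
install_verified_deb() {
    verify_artifact "$1" && dpkg -i "$1"
}
```

A truncated transfer or a checksum file copied from a different version both show up as a mismatch rather than as a failed install later.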

DigitalOcean FRA1 - still happening.

DigitalOcean FRA1 - Still happening as of today

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.7.1-linux-x86_64.tar.gz
--2020-06-09 09:07:39--  https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.7.1-linux-x86_64.tar.gz
Resolving artifacts.elastic.co (artifacts.elastic.co)... 151.101.14.222, 2a04:4e42:1b::734
Connecting to artifacts.elastic.co (artifacts.elastic.co)|151.101.14.222|:443... connected.
HTTP request sent, awaiting response... 451 Unavailable For Legal Reasons
2020-06-09 09:07:39 ERROR 451: Unavailable For Legal Reasons.

Also still occurring in AMS3. One of my droplets that was receiving 451 is now correctly getting a 200, so there appears to have been some minor progress. Any more news from Fastly?

# curl -A 'Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0' -I https://artifacts.elastic.co/packages/6.x/apt/dists/stable/InRelease -vvv
*   Trying 151.101.2.222:443...
* TCP_NODELAY set
* Connected to artifacts.elastic.co (151.101.2.222) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Mountain View; O=Elasticsearch, Inc.; CN=*.elastic.co
*  start date: Mar  7 00:00:00 2019 GMT
*  expire date: Apr 22 12:00:00 2021 GMT
*  subjectAltName: host "artifacts.elastic.co" matched cert's "*.elastic.co"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5571907e27c0)
> HEAD /packages/6.x/apt/dists/stable/InRelease HTTP/2
> Host: artifacts.elastic.co
> user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 451 
HTTP/2 451 
< retry-after: 0
retry-after: 0
< accept-ranges: bytes
accept-ranges: bytes
< date: Tue, 09 Jun 2020 12:52:53 GMT
date: Tue, 09 Jun 2020 12:52:53 GMT
< via: 1.1 varnish
via: 1.1 varnish
< x-served-by: cache-ams21055-AMS
x-served-by: cache-ams21055-AMS
< x-cache: MISS
x-cache: MISS
< x-cache-hits: 0
x-cache-hits: 0
< x-timer: S1591707173.413919,VS0,VE0
x-timer: S1591707173.413919,VS0,VE0
< server: ElasticInfrastructure
server: ElasticInfrastructure
< content-length: 0
content-length: 0

< 
* Connection #0 to host artifacts.elastic.co left intact

Still facing this issue. Any updates?

Failed to download key at https://artifacts.elastic.co/GPG-KEY-elasticsearch: HTTP Error 451: Unavailable For Legal Reasons

As of today I am also still experiencing this issue on some VMs in DigitalOcean, but not all. About 5/8 are having the issue in NYC3 and 4/10 in TOR1 when attempting to update (they previously installed fine):

Err:11 https://artifacts.elastic.co/packages/7.x/apt stable Release
451  Unavailable For Legal Reasons

I'm also experiencing issues on one of my DigitalOcean servers. It seems to only affect my newest box, which was added ~30 days ago; older boxes are still fine.

Need to add filebeat before I can use this box within our infrastructure.

If you can, please share the public IP of the host you are on when you encounter this; it'll help us work with our service provider :slight_smile:

Hi, I faced the same issue on DigitalOcean NYC.

wget -O - https://artifacts.elastic.co/GPG-KEY-elasticsearch
--2020-06-15 06:51:49--  https://artifacts.elastic.co/GPG-KEY-elasticsearch
Resolving artifacts.elastic.co (artifacts.elastic.co)... 151.101.210.222, 2a04:4e42:46::734
Connecting to artifacts.elastic.co (artifacts.elastic.co)|151.101.210.222|:443... connected.
HTTP request sent, awaiting response... 451 Unavailable For Legal Reasons
2020-06-15 06:51:49 ERROR 451: Unavailable For Legal Reasons.

Hey Mark,

This is the public IP of the host 161.35.45.94

I have checked this morning and the problem is still occurring.

Since today I've started experiencing this issue on additional DO droplets in Canada that were previously working fine.

Please provide the IPs so we can chase up with our provider.