Official apt repository (451 Unavailable For Legal Reasons)

FYI all, the issue may be partially resolved. I just ran an upgrade, and got through four of my five notes, then the fifth encountered this error. So if you intend to have your cluster upgraded in entirety (e.g. if you want Kibana to start up), be careful about beginning the process now. All of my nodes are in SFO2.

I haven't played yet to see whether I can get around the issue somehow.

The issue still exists.. Digital Ocean, FRA1..

Likewise in AMS3.

E: Failed to fetch 451 Unavailable For Legal Reasons [IP: 443]

Still getting it on my fifth server as well. I scp'd the deb file to get Kibana working without having to leave the server off, but now I can't do backups because installing repository-azure calls out to the same CDN.

This is getting old. Still failing for me as well.

1 Like

From time to time, IP blocks can be reallocated around the internet, and things like this happen. It's not super common to see such an impact, but I've definitely been hit by similar thing with bogon IP ranges in the past.

Our infra team has been working with our CDN provider on this, and the provider has made multiple changes to mitigate issues. I have made them aware of this thread as well so they can follow up.


To workaround this problem you can download the plugin zip file and install it locally following those steps.

DigitalOcean FRA1 - still happening.


DigitalOcean FRA1 - Still happening as of today

DigitalOcean FRA1 - Still happening as of today

--2020-06-09 09:07:39--
Resolving (, 2a04:4e42:1b::734
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 451 Unavailable For Legal Reasons
2020-06-09 09:07:39 ERROR 451: Unavailable For Legal Reasons.

Also still occurring in AMS3, one of my droplets that was receiving 451 is now correctly getting a 200 so there appears to have been some minor progress. Any more news from Fastly?

# curl -A 'Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0' -I -vvv
*   Trying
* Connected to ( port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Mountain View; O=Elasticsearch, Inc.; CN=*
*  start date: Mar  7 00:00:00 2019 GMT
*  expire date: Apr 22 12:00:00 2021 GMT
*  subjectAltName: host "" matched cert's "*"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5571907e27c0)
> HEAD /packages/6.x/apt/dists/stable/InRelease HTTP/2
> Host:
> user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
> accept: */*
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 451 
HTTP/2 451 
< retry-after: 0
retry-after: 0
< accept-ranges: bytes
accept-ranges: bytes
< date: Tue, 09 Jun 2020 12:52:53 GMT
date: Tue, 09 Jun 2020 12:52:53 GMT
< via: 1.1 varnish
via: 1.1 varnish
< x-served-by: cache-ams21055-AMS
x-served-by: cache-ams21055-AMS
< x-cache: MISS
x-cache: MISS
< x-cache-hits: 0
x-cache-hits: 0
< x-timer: S1591707173.413919,VS0,VE0
x-timer: S1591707173.413919,VS0,VE0
< server: ElasticInfrastructure
server: ElasticInfrastructure
< content-length: 0
content-length: 0

* Connection #0 to host left intact
1 Like

Still facing this issue. Any updates?

Failed to download key at HTTP Error 451: Unavailable For Legal Reasons
1 Like

As of today still I am also experiencing this issue on some VMs in DigitalOcean but not all. About 5/8 are having the issue in NYC3 and 4/10 in TOR1 when attempting to update (they previously have installed fine before):

Err:11 stable Release
451  Unavailable For Legal Reasons

I'm also experiencing issues on one of my DigitalOcean servers, seems to only affect my newest box which was added ~30days ago, but older boxes are still fine.

Need to add filebeat before I can use this box within our infrastructure.

If you can please share the public IP of the host you are on when you encounter this, it'll help us work with our service provider :slight_smile:

Hi, I faced with the same issue on Digital Ocean NYC

wget -O -
--2020-06-15 06:51:49--
Resolving (, 2a04:4e42:46::734
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 451 Unavailable For Legal Reasons
2020-06-15 06:51:49 ERROR 451: Unavailable For Legal Reasons.

Hey Mark,

This is the public IP of the host

I have checked this morning and the problem is still occurring.

since today I've started experiencing this issue to additional DO droplets in Canada that were previously working fine

Please provide the IPs so we can chase up with our provider.