on 26 Apr, 2018 02:52 PM
I have also seen this problem happen within one particular VPC in us-east-1, all of the outgoing traffic from that VPC goes through a NAT server. Sounds like we may have also gotten ourselves blacklisted somehow. Is there a resolution process or this?
Had the same problem. api.rubygems.org change their certificate on Apr 25. I also had TLS problems for other sites but only on servers behind a NAT. I also updated the servers certificates list as well, but this did not fix the NAT issue.
I upgraded and rebuilt a new NAT on amazon-nat-2017.09 and this has fixed the connectivity issues, we were previously at 2016.03
Ferdy, were you able to inspect the SSL certificate for api.rubygems.org? I tried grabbing it directly with `openssl s_client -connect api.rubygems.org:443` and did not get a response (which is what led me to believe we were blacklisted).
I can confirm this issue existing for instances behind NAT instance. I've switched currently to NAT Gateway service and it works again. The ip's are not blacklisted it's more a CDN problem rubygems.org rely on.
I had the same issue on AWS - could not establish a SSL connection with api.rubygems.org from a server behind a NAT. Replacing the old NAT instance with amzn-ami-vpc-nat-hvm-2017.09.1.20180108-x86_64-ebs fixed it.