Error: Cannot connect using TLS #220

Open
aradalvand opened this issue Jun 13, 2023 · 5 comments

Comments


aradalvand commented Jun 13, 2023

I'm trying to submit my site (amademy.com) at hstspreload.org, but I keep getting the following error:

Error: Cannot connect using TLS
We cannot connect to https://amademy.com using TLS ("Get "https://amademy.com\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)").

image

This can't be a duplicate of #43 because I'm not using IPv6 at all.

I also tested the site with testlocal.ly — see the results — which confirmed that the website is in fact accessible from San Francisco and various other locations.

But the site itself is hosted in Iran, and I also tested other Iranian websites (e.g. digikala.com, aparat.com); they yield the same error:

image

I also tried the hstspreload command-line tool, and I get this output:

image

Even though the preloadabledomain command confirms that the site meets the requirements:

image

What is going on? Thanks in advance.

Collaborator

lgarron commented Jun 13, 2023

You do seem to be using this correctly! Sometimes there are issues with a CDN like Cloudflare blocking certain user agents or IPs by default — any chance the site might be using one of those?

@christhompson or @agl, is this something you'd be able to debug in Google Cloud?

Author

aradalvand commented Jun 14, 2023

Hi @lgarron, thank you for the response.
I'm not sure about the other websites (digikala.com, aparat.com) but mine isn't using a CDN or any kind of a proxy, for that matter, in front of the main server. The DNS A record points directly to the IP of the server.
So, that can't be the problem, I don't think.

Collaborator

nharper commented Jun 15, 2023

This appears to be an issue where GCP is blocking access to the IP addresses for those domains.

Author

aradalvand commented Jun 15, 2023

> This appears to be an issue where GCP is blocking access to the IP addresses for those domains.

Strange... Why would it do that?

Collaborator

nharper commented Jun 15, 2023

> Strange... Why would it do that?

It appears GCP blocks Iranian IP addresses. I don't know why GCP blocks Iranian IP addresses.
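
The error text quoted in the first post ("context deadline exceeded (Client.Timeout exceeded while awaiting headers)") is Go's `net/http` client timeout: no response arrived in time, which is a different failure from a rejected certificate. The following is an added example, not part of this thread or of the hstspreload code, that reproduces both failure classes against constructed local test servers and tells them apart; `classify` and `demo` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// classify sends one GET and reports which layer failed.
func classify(c *http.Client, url string) string {
	resp, err := c.Get(url)
	if err == nil {
		resp.Body.Close()
		return "ok"
	}
	var unknownCA x509.UnknownAuthorityError
	var netErr net.Error
	switch {
	case errors.As(err, &unknownCA): // the handshake ran, the certificate was rejected
		return "tls-certificate"
	case errors.As(err, &netErr) && netErr.Timeout(): // nothing came back in time
		return "timeout"
	}
	return "other: " + err.Error()
}

// demo runs classify against constructed local servers (not real sites).
func demo() (healthy, untrusted, stalled string) {
	fine := func(w http.ResponseWriter, r *http.Request) {}
	stall := func(w http.ResponseWriter, r *http.Request) {
		select { // hold the response past the client's deadline
		case <-r.Context().Done():
		case <-time.After(2 * time.Second):
		}
	}
	ok, slow := httptest.NewTLSServer(http.HandlerFunc(fine)), httptest.NewTLSServer(http.HandlerFunc(stall))
	defer ok.Close()
	defer slow.Close()
	// Constructed client with an empty root pool: it trusts no CA at all.
	strict := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: x509.NewCertPool()}}}
	impatient := slow.Client() // trusts the test certificate, but gives up quickly
	impatient.Timeout = 500 * time.Millisecond
	return classify(ok.Client(), ok.URL), classify(strict, ok.URL), classify(impatient, slow.URL)
}

func main() { fmt.Println(demo()) }
```

A `timeout` from one vantage point while another vantage point gets `ok` points at the network path between the checker and the server rather than at the server's TLS configuration.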
