Acme says VerifyError:Timeout even though port 443 is open

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: smtp.jhmg.net

I ran this command: acme.sh --issue --debug --test -d smtp.jhmg.net --alpn

It produced this output:

[Sun Mar  1 15:42:00 EST 2020] Lets find script dir.
[Sun Mar  1 15:42:00 EST 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun Mar  1 15:42:00 EST 2020] _script='/root/.acme.sh/acme.sh'
[Sun Mar  1 15:42:00 EST 2020] _script_home='/root/.acme.sh'
[Sun Mar  1 15:42:00 EST 2020] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v2.8.6
[Sun Mar  1 15:42:00 EST 2020] Running cmd: issue
[Sun Mar  1 15:42:00 EST 2020] _main_domain='smtp.jhmg.net'
[Sun Mar  1 15:42:00 EST 2020] _alt_domains='no'
[Sun Mar  1 15:42:00 EST 2020] Using config home:/root/.acme.sh
[Sun Mar  1 15:42:00 EST 2020] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun Mar  1 15:42:00 EST 2020] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sun Mar  1 15:42:00 EST 2020] DOMAIN_PATH='/root/.acme.sh/smtp.jhmg.net'
[Sun Mar  1 15:42:00 EST 2020] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun Mar  1 15:42:00 EST 2020] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun Mar  1 15:42:00 EST 2020] GET
[Sun Mar  1 15:42:00 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sun Mar  1 15:42:00 EST 2020] timeout=
[Sun Mar  1 15:42:00 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:01 EST 2020] ret='0'
[Sun Mar  1 15:42:01 EST 2020] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Sun Mar  1 15:42:01 EST 2020] ACME_NEW_AUTHZ
[Sun Mar  1 15:42:01 EST 2020] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar  1 15:42:01 EST 2020] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Sun Mar  1 15:42:01 EST 2020] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun Mar  1 15:42:01 EST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun Mar  1 15:42:01 EST 2020] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar  1 15:42:01 EST 2020] ACME_VERSION='2'
[Sun Mar  1 15:42:01 EST 2020] Le_NextRenewTime
[Sun Mar  1 15:42:01 EST 2020] _on_before_issue
[Sun Mar  1 15:42:01 EST 2020] _chk_main_domain='smtp.jhmg.net'
[Sun Mar  1 15:42:01 EST 2020] _chk_alt_domains
[Sun Mar  1 15:42:01 EST 2020] Le_LocalAddress
[Sun Mar  1 15:42:01 EST 2020] d='smtp.jhmg.net'
[Sun Mar  1 15:42:01 EST 2020] Check for domain='smtp.jhmg.net'
[Sun Mar  1 15:42:01 EST 2020] _currentRoot='alpn'
[Sun Mar  1 15:42:01 EST 2020] Standalone alpn mode.
[Sun Mar  1 15:42:01 EST 2020] _checkport='443'
[Sun Mar  1 15:42:01 EST 2020] _checkaddr
[Sun Mar  1 15:42:01 EST 2020] Using: ss
[Sun Mar  1 15:42:01 EST 2020] d
[Sun Mar  1 15:42:01 EST 2020] _saved_account_key_hash is not changed, skip register account.
[Sun Mar  1 15:42:01 EST 2020] Read key length:
[Sun Mar  1 15:42:01 EST 2020] _createcsr
[Sun Mar  1 15:42:01 EST 2020] Single domain='smtp.jhmg.net'
[Sun Mar  1 15:42:01 EST 2020] Getting domain auth token for each domain
[Sun Mar  1 15:42:01 EST 2020] d
[Sun Mar  1 15:42:01 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar  1 15:42:01 EST 2020] payload='{"identifiers": [{"type":"dns","value":"smtp.jhmg.net"}]}'
[Sun Mar  1 15:42:01 EST 2020] RSA key
[Sun Mar  1 15:42:01 EST 2020] HEAD
[Sun Mar  1 15:42:01 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar  1 15:42:01 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g  -I  '
[Sun Mar  1 15:42:01 EST 2020] _ret='0'
[Sun Mar  1 15:42:01 EST 2020] POST
[Sun Mar  1 15:42:01 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar  1 15:42:01 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:02 EST 2020] _ret='0'
[Sun Mar  1 15:42:02 EST 2020] code='201'
[Sun Mar  1 15:42:02 EST 2020] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/12634129/77402549'
[Sun Mar  1 15:42:02 EST 2020] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12634129/77402549'
[Sun Mar  1 15:42:02 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/41443959'
[Sun Mar  1 15:42:02 EST 2020] payload
[Sun Mar  1 15:42:02 EST 2020] POST
[Sun Mar  1 15:42:02 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/41443959'
[Sun Mar  1 15:42:02 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:02 EST 2020] _ret='0'
[Sun Mar  1 15:42:02 EST 2020] code='200'
[Sun Mar  1 15:42:02 EST 2020] d='smtp.jhmg.net'
[Sun Mar  1 15:42:02 EST 2020] Getting webroot for domain='smtp.jhmg.net'
[Sun Mar  1 15:42:02 EST 2020] _w='alpn'
[Sun Mar  1 15:42:02 EST 2020] _currentRoot='alpn'
[Sun Mar  1 15:42:02 EST 2020] entry='"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA","token":"7LZG7EVa6epWRVvIJFvUysX7p3kEU3gmURQvA5N26f4"'
[Sun Mar  1 15:42:02 EST 2020] token='7LZG7EVa6epWRVvIJFvUysX7p3kEU3gmURQvA5N26f4'
[Sun Mar  1 15:42:02 EST 2020] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:02 EST 2020] keyauthorization='7LZG7EVa6epWRVvIJFvUysX7p3kEU3gmURQvA5N26f4.j675gbsLMS1BZp4em98S4G0RqXB62zogwNYVL2-Z-1g'
[Sun Mar  1 15:42:02 EST 2020] dvlist='smtp.jhmg.net#7LZG7EVa6epWRVvIJFvUysX7p3kEU3gmURQvA5N26f4.j675gbsLMS1BZp4em98S4G0RqXB62zogwNYVL2-Z-1g#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA#tls-alpn-01#alpn'
[Sun Mar  1 15:42:02 EST 2020] d
[Sun Mar  1 15:42:02 EST 2020] vlist='smtp.jhmg.net#7LZG7EVa6epWRVvIJFvUysX7p3kEU3gmURQvA5N26f4.j675gbsLMS1BZp4em98S4G0RqXB62zogwNYVL2-Z-1g#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA#tls-alpn-01#alpn,'
[Sun Mar  1 15:42:02 EST 2020] d='smtp.jhmg.net'
[Sun Mar  1 15:42:02 EST 2020] ok, let's start to verify
[Sun Mar  1 15:42:02 EST 2020] Verifying: smtp.jhmg.net
[Sun Mar  1 15:42:02 EST 2020] d='smtp.jhmg.net'
[Sun Mar  1 15:42:02 EST 2020] keyauthorization='7LZG7EVa6epWRVvIJFvUysX7p3kEU3gmURQvA5N26f4.j675gbsLMS1BZp4em98S4G0RqXB62zogwNYVL2-Z-1g'
[Sun Mar  1 15:42:02 EST 2020] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:02 EST 2020] _currentRoot='alpn'
[Sun Mar  1 15:42:02 EST 2020] acmevalidationv1='054dd25c23dfd29221cea258898691e4a5605f9dd48561c869428e74c7d029ec'
[Sun Mar  1 15:42:02 EST 2020] Starting tls server.
[Sun Mar  1 15:42:02 EST 2020] san_a='smtp.jhmg.net'
[Sun Mar  1 15:42:02 EST 2020] san_b
[Sun Mar  1 15:42:02 EST 2020] port='443'
[Sun Mar  1 15:42:02 EST 2020] acmeValidationv1='054dd25c23dfd29221cea258898691e4a5605f9dd48561c869428e74c7d029ec'
[Sun Mar  1 15:42:02 EST 2020] Use length 2048
[Sun Mar  1 15:42:02 EST 2020] Using RSA: 2048
[Sun Mar  1 15:42:02 EST 2020] _createcsr
[Sun Mar  1 15:42:02 EST 2020] _signcsr
[Sun Mar  1 15:42:02 EST 2020] Signature ok
subject=/CN=tls.acme.sh
Getting Private key
[Sun Mar  1 15:42:02 EST 2020] Le_Listen_V4
[Sun Mar  1 15:42:02 EST 2020] Le_Listen_V6
[Sun Mar  1 15:42:02 EST 2020] openssl s_server -www -cert /root/.acme.sh/smtp.jhmg.net/tls.validation.cert  -key /root/.acme.sh/smtp.jhmg.net/tls.validation.key  -accept 443 -alpn acme-tls/1
[Sun Mar  1 15:42:03 EST 2020] serverproc='28668'
[Sun Mar  1 15:42:03 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:03 EST 2020] payload='{}'
[Sun Mar  1 15:42:03 EST 2020] POST
[Sun Mar  1 15:42:03 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:03 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:04 EST 2020] _ret='0'
[Sun Mar  1 15:42:04 EST 2020] code='200'
[Sun Mar  1 15:42:04 EST 2020] trigger validation code: 200
[Sun Mar  1 15:42:04 EST 2020] sleep 2 secs to verify
[Sun Mar  1 15:42:06 EST 2020] checking
[Sun Mar  1 15:42:06 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:06 EST 2020] payload
[Sun Mar  1 15:42:06 EST 2020] POST
[Sun Mar  1 15:42:06 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:06 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:06 EST 2020] _ret='0'
[Sun Mar  1 15:42:06 EST 2020] code='200'
[Sun Mar  1 15:42:06 EST 2020] Pending
[Sun Mar  1 15:42:06 EST 2020] sleep 2 secs to verify
[Sun Mar  1 15:42:08 EST 2020] checking
[Sun Mar  1 15:42:08 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:08 EST 2020] payload
[Sun Mar  1 15:42:08 EST 2020] POST
[Sun Mar  1 15:42:08 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:08 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:08 EST 2020] _ret='0'
[Sun Mar  1 15:42:08 EST 2020] code='200'
[Sun Mar  1 15:42:08 EST 2020] Pending
[Sun Mar  1 15:42:08 EST 2020] sleep 2 secs to verify
[Sun Mar  1 15:42:10 EST 2020] checking
[Sun Mar  1 15:42:10 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:10 EST 2020] payload
[Sun Mar  1 15:42:10 EST 2020] POST
[Sun Mar  1 15:42:10 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:10 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:11 EST 2020] _ret='0'
[Sun Mar  1 15:42:11 EST 2020] code='200'
[Sun Mar  1 15:42:11 EST 2020] Pending
[Sun Mar  1 15:42:11 EST 2020] sleep 2 secs to verify
[Sun Mar  1 15:42:13 EST 2020] checking
[Sun Mar  1 15:42:13 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:13 EST 2020] payload
[Sun Mar  1 15:42:13 EST 2020] POST
[Sun Mar  1 15:42:13 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:13 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:13 EST 2020] _ret='0'
[Sun Mar  1 15:42:13 EST 2020] code='200'
[Sun Mar  1 15:42:13 EST 2020] Pending
[Sun Mar  1 15:42:13 EST 2020] sleep 2 secs to verify
[Sun Mar  1 15:42:15 EST 2020] checking
[Sun Mar  1 15:42:15 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:15 EST 2020] payload
[Sun Mar  1 15:42:15 EST 2020] POST
[Sun Mar  1 15:42:15 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:15 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:15 EST 2020] _ret='0'
[Sun Mar  1 15:42:15 EST 2020] code='200'
[Sun Mar  1 15:42:15 EST 2020] smtp.jhmg.net:Verify error:Timeout during connect (likely firewall problem)
[Sun Mar  1 15:42:15 EST 2020] Skip for removelevel:
[Sun Mar  1 15:42:15 EST 2020] pid='28668'
/root/.acme.sh/acme.sh: line 2264: kill: (28668) - No such process
[Sun Mar  1 15:42:15 EST 2020] No need to restore nginx, skip.
[Sun Mar  1 15:42:15 EST 2020] _clearupdns
[Sun Mar  1 15:42:15 EST 2020] dns_entries
[Sun Mar  1 15:42:15 EST 2020] skip dns.
[Sun Mar  1 15:42:15 EST 2020] _on_issue_err
[Sun Mar  1 15:42:15 EST 2020] Please add '--debug' or '--log' to check more details.
[Sun Mar  1 15:42:15 EST 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun Mar  1 15:42:15 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:15 EST 2020] payload='{}'
[Sun Mar  1 15:42:16 EST 2020] POST
[Sun Mar  1 15:42:16 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41443959/wVLJbA'
[Sun Mar  1 15:42:16 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 15:42:16 EST 2020] _ret='0'
[Sun Mar  1 15:42:16 EST 2020] code='400'
[Sun Mar  1 15:42:16 EST 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
socat version 1.7.2.3 on Jan 29 2014 05:22:25
   running on Linux version #1 SMP Tue Jun 19 21:26:04 UTC 2018, release 2.6.32-754.el6.x86_64, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #define WITH_READLINE 1
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #undef WITH_LIBWRAP
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/

NOTE: Even though the debug trace says it started the TLS server with

openssl s_server -www -cert /root/.acme.sh/smtp.jhmg.net/tls.validation.cert  -key /root/.acme.sh/smtp.jhmg.net/tls.validation.key  -accept 443 -alpn acme-tls/1

I ran netstat -nat several times during this period and never saw an open port 443. This is running as root. Also, I verified that incoming traffic is received on 443, with netcat (nc).

My web server is (include version): None

The operating system my web server runs on is (include version): CentOS 6

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): acme.sh 2.8.6

The port looks filtered to me. Did you try connecting from an external host, or from the same server you were testing?

Check the firewall rules on your DigitalOcean control panel.

Review any iptables rules on the server:

sudo iptables-save

You were right, I had the wrong port open in iptables.

HOWEVER, I’ve fixed that and confirmed that I can start up an nc server on 443 and connect to it with nc from an external host. Now I get the following (from the s_server startup):

...
[Sun Mar  1 19:22:39 EST 2020] Le_Listen_V4
[Sun Mar  1 19:22:39 EST 2020] Le_Listen_V6
[Sun Mar  1 19:22:39 EST 2020] openssl s_server -www -cert /root/.acme.sh/smtp.jhmg.net/tls.validation.cert  -key /root/.acme.sh/smtp.jhmg.net/tls.validation.key  -accept 443 -alpn acme-tls/1
[Sun Mar  1 19:22:40 EST 2020] serverproc='1135'
[Sun Mar  1 19:22:40 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:40 EST 2020] payload='{}'
[Sun Mar  1 19:22:40 EST 2020] POST
[Sun Mar  1 19:22:40 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:40 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 19:22:41 EST 2020] _ret='0'
[Sun Mar  1 19:22:41 EST 2020] code='200'
[Sun Mar  1 19:22:41 EST 2020] trigger validation code: 200
[Sun Mar  1 19:22:41 EST 2020] sleep 2 secs to verify
[Sun Mar  1 19:22:43 EST 2020] checking
[Sun Mar  1 19:22:43 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:43 EST 2020] payload
[Sun Mar  1 19:22:43 EST 2020] POST
[Sun Mar  1 19:22:43 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:43 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 19:22:43 EST 2020] _ret='0'
[Sun Mar  1 19:22:43 EST 2020] code='200'
[Sun Mar  1 19:22:43 EST 2020] smtp.jhmg.net:Verify error:Connection refused
[Sun Mar  1 19:22:43 EST 2020] Skip for removelevel:
[Sun Mar  1 19:22:43 EST 2020] pid='1135'
/root/.acme.sh/acme.sh: line 2264: kill: (1135) - No such process
[Sun Mar  1 19:22:43 EST 2020] No need to restore nginx, skip.
[Sun Mar  1 19:22:43 EST 2020] _clearupdns
[Sun Mar  1 19:22:43 EST 2020] dns_entries
[Sun Mar  1 19:22:43 EST 2020] skip dns.
[Sun Mar  1 19:22:43 EST 2020] _on_issue_err
[Sun Mar  1 19:22:43 EST 2020] Please add '--debug' or '--log' to check more details.
[Sun Mar  1 19:22:43 EST 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun Mar  1 19:22:43 EST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:43 EST 2020] payload='{}'
[Sun Mar  1 19:22:43 EST 2020] POST
[Sun Mar  1 19:22:43 EST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/41475181/2WTwyw'
[Sun Mar  1 19:22:43 EST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun Mar  1 19:22:44 EST 2020] _ret='0'
[Sun Mar  1 19:22:44 EST 2020] code='400'
[Sun Mar  1 19:22:44 EST 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
socat version 1.7.2.3 on Jan 29 2014 05:22:25
   running on Linux version #1 SMP Tue Jun 19 21:26:04 UTC 2018, release 2.6.32-754.el6.x86_64, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #define WITH_READLINE 1
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #undef WITH_LIBWRAP
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/

Run with --debug 2.

The openssl s_server process is crashing, but we can’t see why because acme.sh is suppressing the output.

The one obvious reason it would crash is if something was already bound to 443.

I fear my openssl may be too old on CentOS 6:

$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

The error is

unknown option -alpn

I will try with port 80 and HTTP.

That was the issue; verification worked on port 80.

Thanks
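
Both failures in this thread can be read off the debug log itself. The following is an added example, not code from the thread or from acme.sh: it classifies an `acme.sh --debug` log for a standalone tls-alpn-01 run, combining the CA's "Verify error" text, the failed `kill` of the s_server process, and the OpenSSL version in the diagnosis section. The function names and finding labels are hypothetical, and it assumes that `openssl s_server` accepts `-alpn` only from OpenSSL 1.0.2 onward.

```shell
#!/bin/sh
# Added example (not part of acme.sh): triage a failed standalone
# tls-alpn-01 run from an `acme.sh --debug` log read on stdin.

# Returns 0 for OpenSSL >= 1.0.2 (first release whose s_server accepts -alpn),
# 1 for an older OpenSSL, 2 if the string is not recognised (e.g. LibreSSL).
openssl_has_alpn() {
  v=$(printf '%s\n' "$1" |
    sed -n 's/^OpenSSL \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
  [ -n "$v" ] || return 2
  set -- $v                      # $1=major $2=minor $3=patch
  [ "$1" -gt 1 ] && return 0
  [ "$1" -eq 1 ] && [ "$2" -ge 1 ] && return 0
  [ "$1" -eq 1 ] && [ "$2" -eq 0 ] && [ "$3" -ge 2 ] && return 0
  return 1
}

# Prints a space-separated list of findings (labels are hypothetical):
#   firewall            CA timed out connecting: port 443 filtered upstream
#   no-listener         CA got a TCP reset: nothing was bound to port 443
#   server-exited       acme.sh could not kill its s_server, so it had already died
#   openssl-lacks-alpn  local OpenSSL predates 1.0.2, s_server rejects -alpn
triage_alpn_log() {
  log=$(cat)
  err=$(printf '%s\n' "$log" | sed -n 's/.*Verify error:\(.*\)/\1/p' | head -n 1)
  ossl=$(printf '%s\n' "$log" | grep '^OpenSSL ' | head -n 1)
  out=
  case $err in
    *"Timeout during connect"*) out="$out firewall" ;;
    *"Connection refused"*)     out="$out no-listener" ;;
  esac
  if printf '%s\n' "$log" | grep -q 'kill: ([0-9]*) - No such process'; then
    out="$out server-exited"
  fi
  rc=0; openssl_has_alpn "$ossl" || rc=$?
  [ "$rc" -eq 1 ] && out="$out openssl-lacks-alpn"
  out=${out# }
  echo "${out:-no-finding}"
}

# Constructed sample: the three decisive lines, in the format of the first log above.
sample_log() {
  cat <<'EOF'
[Sun Mar  1 15:42:15 EST 2020] smtp.jhmg.net:Verify error:Timeout during connect (likely firewall problem)
/root/.acme.sh/acme.sh: line 2264: kill: (28668) - No such process
OpenSSL 1.0.1e-fips 11 Feb 2013
EOF
}

sample_log | triage_alpn_log
```

Run against a real log with `triage_alpn_log < acme-debug.log`. A `server-exited` finding without `openssl-lacks-alpn` points to the other cause raised in the thread, something else already bound to port 443.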