Activation and renewal errors

POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/277007748486 failed: cURL error 35: TCP connection reset by peer (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/acme/authz-v3/277007748486

OR

Could not obtain directory: cURL error 56: TCP connection reset by peer (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory

Manually runnning curl is up and down. When is not working:

curl -Ikv https://acme-v02.api.letsencrypt.org/directory

  • About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
  • Trying 172.65.32.248...
  • Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • NSS error -5961 (PR_CONNECT_RESET_ERROR)
  • TCP connection reset by peer
  • Closing connection 0
    curl: (35) TCP connection reset by peer

This happens on newer and older NSS packages

Any idea?

Hello @mmfacc, welcome to the Let's Encrypt community. :slightly_smiling_face:

Maybe related to this:

Very unlikely. A faulty local network routing would be failing always.

@mmfacc Do these curl requests work reliably?

curl -I https://www.cloudflare.com
curl -I https://www.google.com

Fair enough. :slight_smile:

randomly
curl -I https://www.cloudflare.com
curl: (35) Network file descriptor is not connected
curl: (35) TCP connection reset by peer

curl -I https://www.google.com wors most reliably

Looks like intermittent connective issues between your system and the Internet.
Where, hard to say at this point.

But does google still fail some times? Because then yes a general comms issue connecting outbound from your system.

If google was 100% but the other two sometimes failed that's different. Because Let's Encrypt API also uses Cloudflare.

I took that as a minor type for worst, and assumed it meant
"curl -I https://www.google.com/ being the least reliable"

I read it as was.
I guess my automatic autocorrection worked bess - lol

Are you on WiFi?

Please show these outputs:

traceroute -T -p 443 www.google.com
traceroute -T -p 443 acme-v02.api.letsencrypt.org

Doing some test it looks like the problem with cloudflare as curl google always works.
At this point it looks to be some kind upstream provider routing issue.

Also noticing raising Error Counts on our LE Monitoring ... guess there is a Problem on LE side since about 8:10pm ... :person_shrugging:t2:

@futureweb You should probably start a new thread with your detailed observations. The problems might overlap but possibly not.

Ccurrently not on my PC, just had a quick look into the boards on my mobile phone to check If problems are reported as my monitoring reported elevated LE Renewal Errors ...
If they persist when I'm back on my PC I will open own Thread with more Details (on phone too much hassle to aggregate all needed info ... also no actual threat on my side as we Queue all create/renewals on failure)