Bad Handshake issue, Unable to Connect to LetsEncrypt server

My domain is: hemphealth.cc

I ran this command:

sudo certbot --nginx -d hemphealth.cc -d www.hemphealth.cc

It produced this output:

requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')")))

My web server is (include version):

NGINX 1.18.0

The operating system my web server runs on is (include version):

Ubuntu 20.04

My hosting provider, if applicable, is:

OVH US

I can log in to a root shell on my machine:

Yes

I'm using a control panel to manage my site:

No

The version of my client is:

certbot 0.40.0

I am going to assume that this is just a DDoS mitigation issue given that OVH tends to have a lot of blocked IPs. How can I proceed?

2 Likes

We probably need the help of @lestaff to check if your IP address is indeed blocked.

3 Likes

Yup; it looks like the "temporary" blocking described in this thread:

3 Likes

Awesome, thank you for your help.

3 Likes

Try:
curl -v https://acme-v02.api.letsencrypt.org/directory
OR
curl -I https://acme-v02.api.letsencrypt.org/directory

2 Likes

I went ahead and ran the command, this is the output:

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443

I am assuming it's a blocked IP, just a waiting game atm. Thank you all for your help.

3 Likes

Which is to be expected if requests also couldn't connect. Let's wait until the LE staff has decided if the IP is blocked or not. @_netwolf You might be asked to PM the IP address involved.

4 Likes

It seems that way.
We can confirm that curl is working with another test:
curl -I https://google.com/

Then we can be even more sure - LOL

3 Likes

One can never be too sure; might just ping Google to verify.

:laughing:

3 Likes

Yes, we had blocked this IP address as part of mitigating a DDoS attack. It's unblocked now. If you've had this IP address for more than a couple of months, then it's likely that your system is compromised and you'll need to thoroughly investigate.

6 Likes

Yep, the service was started 8-14-2021 at 1200 CST. OVH is notoriously bad with responding to tickets, thank you for helping me out.

5 Likes
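
The two curl checks suggested in this thread (the ACME directory, then a control site) can be scripted so the exit codes are compared rather than eyeballed. This is an added example, not code from any poster or from Let's Encrypt; the function names, the verdict strings and the `--probe` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names, verdict strings and --probe are illustrative.
ACME_URL="https://acme-v02.api.letsencrypt.org/directory"  # from the thread
CONTROL_URL="https://google.com/"                          # control, from the thread

# Pull the numeric exit code out of a pasted curl error line,
# e.g. "curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL ...".
curl_code_from_line() {
    printf '%s\n' "$1" | sed -n 's/^curl: (\([0-9][0-9]*\)).*/\1/p'
}

# Run a HEAD request; the return value is curl's exit code.
probe() {
    curl -sS -I --max-time 15 -o /dev/null "$1" 2>/dev/null
}

# diagnose ACME_RC CONTROL_RC: compare the target result with the control.
diagnose() {
    if [ "$1" -eq 0 ]; then echo "ok"; return 0; fi
    if [ "$2" -ne 0 ]; then
        # The control fails too, so the fault is on this host or its network.
        echo "local-network-problem"; return 0
    fi
    case "$1" in
        6)    echo "dns-failure-for-acme-host" ;;
        7|28) echo "acme-endpoint-unreachable" ;;
        # TCP connected but the TLS handshake was cut off: the pattern seen
        # in this thread. Only the CA can confirm an actual block.
        35)   echo "tls-handshake-aborted-possible-ip-block" ;;
        60)   echo "certificate-verification-failed" ;;
        *)    echo "other-curl-error-$1" ;;
    esac
}

# Network probes run only when asked for explicitly.
if [ "${1:-}" = "--probe" ]; then
    acme_rc=0;    probe "$ACME_URL"    || acme_rc=$?
    control_rc=0; probe "$CONTROL_URL" || control_rc=$?
    echo "acme=$acme_rc control=$control_rc verdict=$(diagnose "$acme_rc" "$control_rc")"
fi
```

A verdict of `tls-handshake-aborted-possible-ip-block` with a healthy control is the point at which to ask the CA's staff to check the source IP, as was done here.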
