Cannot reach API endpoint from New Zealand

My domain is: jishnu.co.nz

I ran this command:
curl -k https://acme-v02.api.letsencrypt.org/directory

It produced this output:
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to acme-v02.api.letsencrypt.org:443

My web server is (include version):
I've replicated this from various web servers and clients.

The operating system my web server runs on is (include version): N/A

My hosting provider, if applicable, is: N/A

I've tried to access the https://acme-v02.api.letsencrypt.org/directory URL from multiple places within New Zealand and all seem to return the same error as above. Is there a Cloudflare or routing issue at the moment that could be preventing this from connecting? From your status page it looks like there was a connection issue a couple of days ago. Could this be in any way connected?

2 Likes

Same here in Auckland, New Zealand.
Tried to issue Cert at 12:56pm NZT (UTC+12) 11th of July.
None of the new certs or renew requests can be installed. Error as the author posted above.

2 Likes

It seems possible Cloudflare is having trouble in New Zealand. I'm phoning them now.

3 Likes

While I get in touch with them, can anyone experiencing this issue paste the output of https://cloudflare.com/cdn-cgi/trace from the same network where you're experiencing trouble?

3 Likes

I have tried to renew a few domains from Plesk, which don't use Cloudflare at all (I've also checked their DNS network, which isn't related to CF), same error.

We use Cloudflare

4 Likes

fl=46f36
h=cloudflare.com
ip=49.224.200.116
ts=1720660274.643
visit_scheme=https
uag=Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0
colo=AKL
sliver=005-tier2
http=http/2
loc=NZ
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519

3 Likes

fl=46f58
h=cloudflare.com
ip=103.138.130.118
ts=1720660091.759
visit_scheme=https
uag=Mozilla/5.0 (...)
colo=AKL
sliver=010-akl01
http=http/3
loc=NZ
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=...

3 Likes

We're investigating with Cloudflare (who hosts our API), and it appears to be some sort of network disruption between NZ and our origin servers. They say the errors have gone down and it looks like it might be working again. There's not a lot we can do at this point, but I'll continue to follow up with them.

5 Likes

Same issue for me still.

The other day there was a general dip in traffic for my site in Cloudflare while Let's Encrypt was also receiving error reports.

It looks very much to me like Cloudflare are doing maintenance on each geographic region in turn over the last few days, and each maintenance window involves real downtime (e.g. the traffic is supposed to be routed elsewhere, but is not):

I guess we just wait until they finish their updates, but it seems unusually disruptive. That suggests to me there is a security reason for their rolling updates (pure speculation, but it's unusual for Cloudflare to see downtime as acceptable).

5 Likes

Cloudflare didn’t seem to think this was expected at all. They do routine maintenance in their locations but said nothing was happening in Auckland at the moment. It is somewhere in between us and them. I’ve got a ticket open with an ongoing investigation, but nothing clear yet.

6 Likes

Yep, well you probably saw the dip in the 24hr view of your Cloudflare dashboard as well, expected or not - the problem with analytics is it doesn't hide the bad stuff.

3 Likes

A short while ago it was working briefly, but has since stopped working again.

Cloudflare's own latency analytics tool shows their Christchurch and Auckland PoPs are getting TCP Timeouts reaching Let's Encrypt.

We have an open ticket with them.

In the meantime, I have several suggestions:

  1. If you can, see if you can use a VPN or proxy to route out of New Zealand and find another working network path.
  2. Consider using another Certificate Authority. There are multiple free options, and others may not be encountering the same issue.

We have limited visibility from New Zealand, so replies here confirming if you're still having trouble are helpful.

4 Likes

Can confirm that it's still not working for me, here in Christchurch NZ. Trying to set up a new server and assumed I was doing something wrong for some time before I found this post :confused:
curl -I https://acme-v02.api.letsencrypt.org/directory results in "connection reset by peer..."

1 Like

You can also follow along on our status page, Let's Encrypt Status

5 Likes

Hey, I cannot see anything new on the status page yet, are there any updates?

@aidan123 If you're in a hurry just use a different CA. ACME CAs

4 Likes

We have confirmed it's an internet connection problem between Cloudflare out of New Zealand, and are still working on resolving the issue with them.

6 Likes