Cannot renew certbot. SSL EOF Error is IP Blocked?

Hello Team,

Please UNBLOCK our IP Address.

My domain is: tst2public.xxx

I ran this command: certbot certonly

It produced this output:
C:\Windows\system32>certbot certonly
Saving debug log to C:\Certbot\log\letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
An unexpected error occurred:
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache Tomcat 9

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.1

Public IP Address: x.x.x.x

Also tried 'certbot renew' but same result.
PS: Is there a way to remove our domain name and public IP address from this post after our issue is resolved?

Thanks in advance.

We are not blocking the public IP address you provided. Is it possible your system is behind a firewall that's interfering with your outbound traffic to the Let's Encrypt API?

You would need to proactively delete your post (this option is time-limited) or request that a forum moderator delete it. We will honor these requests, but we strongly discourage them. They make extra work for our (mostly volunteer) moderators and (mostly overburdened) staff; they reduce the amount of information that's available to help other community members in the future; and they do little or nothing for security, because it is trivially easy to index and discover the OS, Web server, and domain(s) that are running on any given IP address.

4 Likes

Thank you so much for your help.

We removed the firewall rule and the renewal worked.

We will check if there was any change made in the firewall as just three months ago we renewed the cert without any issue.

4 Likes
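A way to separate a firewall problem from a CA-side block before asking for an unblock, shown as an added example that is not part of the original thread. It probes DNS, TCP and the TLS handshake to the ACME host from the error message and names the layer that failed; `probe` and `classify` are hypothetical helper names, and the labels are heuristics, not a definitive diagnosis.

```python
import socket
import ssl

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host taken from the error in the thread


def classify(exc):
    """Map an exception raised by probe() to the layer that most likely failed."""
    if isinstance(exc, socket.gaierror):
        return "dns: name did not resolve; check the resolver or DNS filtering"
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-intercept: certificate not trusted; a proxy may be re-signing TLS"
    if isinstance(exc, (ssl.SSLEOFError, ssl.SSLZeroReturnError, ConnectionResetError)):
        # Same symptom as the SSLEOFError in the post: TCP opens, handshake is cut.
        return "tls-cut: handshake closed mid-way; suspect a firewall or inspection rule"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "tcp-timeout: packets dropped; suspect an outbound port 443 block"
    if isinstance(exc, ConnectionRefusedError):
        return "tcp-refused: connection actively rejected"
    if isinstance(exc, ssl.SSLError):
        return "tls-other: " + str(exc)
    return "other: " + repr(exc)


def probe(host=ACME_HOST, port=443, timeout=10):
    """Try DNS, TCP connect and a verified TLS handshake; return (ok, detail)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # The issuer is a tuple of RDNs; take the first pair of each.
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                org = issuer.get("organizationName")
                return True, f"ok: {tls.version()}, issuer={org}"
    except OSError as exc:  # ssl.SSLError and socket errors derive from OSError
        return False, classify(exc)


if __name__ == "__main__":
    # Run on the server where certbot fails.
    print(probe())
```

A `tls-cut` or `tcp-timeout` result from the affected server, while the same probe succeeds from another network, points at local egress filtering rather than the CA.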
