Can't connect to acme-v01.api.letsencrypt.org - CERTBOT

lor54 · September 15, 2017, 2:45pm

I ran this command:

certbot certonly

It produced this output:

Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ZeroReturnError

My web server is (include version):

nginx 1.12.1

The operating system my web server runs on is (include version):

Debian 8

My hosting provider, if applicable, is:

Zare

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

(I have ipv4 and ipv6 on my vps and in the resolve.conf i use google dns (ipv4 and ipv6))

Thanks in advance to all!

cpu · September 15, 2017, 3:09pm

Hi @lor54,

Does your webserver have working internet connectivity to the outside world? Does curl google.com work as expected?

lor54 · September 15, 2017, 3:37pm

Yes, it works if I do curl acme-v01.api.letsencrypt.org too. @cpu

cpu · September 15, 2017, 3:39pm

@schoen Do you know what this ZeroReturnError might be in the context of Certbot reaching out to the ACME directory?

schoen · September 15, 2017, 5:27pm

@cpu, this is an error generated from inside of OpenSSL which has something to do with a problem reading or writing on a TLS socket that has already been shut down by a TLS disconnection. It’s not related to any previously-known Certbot bugs, as far as I’m aware.

This still makes me wonder if this machine is making outbound HTTPS connections through some kind of proxy or firewall that has the ability to interfere with them for some reason.

It would be good to see the logs from /var/log/letsencrypt to try to find out what Certbot was trying to do at that point — but I’m afraid it’s probably just going to be the initial GET on the directory.

lor54 · September 15, 2017, 5:41pm

@cpu @schoen Thanks for the information, this is the log.
https://pastebin.com/SZVdGzLK

system · October 15, 2017, 5:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.