I ran this command: sh /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --issue -d www.wesain.fi -d wesain.fi -w /usr/local/apache/autossl_tmp --debug 2
It produced this output:
[Tue Nov 13 13:36:55 EET 2018] Lets find script dir.
[Tue Nov 13 13:36:55 EET 2018] SCRIPT='/root/.acme.sh/acme.sh'
[Tue Nov 13 13:36:55 EET 2018] _script='/root/.acme.sh/acme.sh'
[Tue Nov 13 13:36:55 EET 2018] _script_home='/root/.acme.sh'
[Tue Nov 13 13:36:55 EET 2018] Using config home:/root/.acme.sh/cwp_certs
[Tue Nov 13 13:36:55 EET 2018] LE_WORKING_DIR='/root/.acme.sh/cwp_certs'
v2.7.9
[Tue Nov 13 13:36:55 EET 2018] _main_domain='www.wesain.fi'
[Tue Nov 13 13:36:55 EET 2018] _alt_domains='wesain.fi'
[Tue Nov 13 13:36:55 EET 2018] Using config home:/root/.acme.sh/cwp_certs
[Tue Nov 13 13:36:55 EET 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue Nov 13 13:36:55 EET 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Tue Nov 13 13:36:55 EET 2018] DOMAIN_PATH='/root/.acme.sh/cwp_certs/www.wesain.fi'
[Tue Nov 13 13:36:55 EET 2018] '/usr/local/apache/autossl_tmp' does not contain 'dns'
[Tue Nov 13 13:36:55 EET 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Tue Nov 13 13:36:55 EET 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Nov 13 13:36:55 EET 2018] GET
[Tue Nov 13 13:36:55 EET 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Nov 13 13:36:55 EET 2018] timeout=
[Tue Nov 13 13:36:55 EET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/cwp_certs/http.header --trace-ascii /tmp/tmp.RDmPE4KpLf -g '
[Tue Nov 13 13:37:52 EET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Tue Nov 13 13:37:52 EET 2018] Here is the curl dump log:
[Tue Nov 13 13:37:52 EET 2018] == Info: About to connect() to acme-v01.api.letsencrypt.org port 443 (#0)
== Info: Trying 104.122.249.164...
== Info: Connected to acme-v01.api.letsencrypt.org (104.122.249.164) port 443 (#0)
== Info: Initializing NSS with certpath: sql:/etc/pki/nssdb
== Info: CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
== Info: NSS error -5961 (PR_CONNECT_RESET_ERROR)
== Info: TCP connection reset by peer
== Info: Closing connection 0
Can’t paste any more because of link number restrictions
My web server is (include version): Apache/2.4.34
The operating system my web server runs on is (include version): CentOS 7.5.1804
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): CWPpro version: 0.9.8.740
Hello.
I’m trying to generate a certificate to a domain wesain.fi, but I’m running into problems. I’ve been using AutoSSL in CWP, and it has worked before, but now it doesn’t work with any domain.
I tried generating the certificate with the command in the beginning, and it failed as well.
We are using CentOS Web Panel, and normally we use its built-in AutoSSL tool to get Let’s Encrypt certificates, which has worked before. I used acme.sh directly for debugging purposes.
Here’s a log entry from AutoSSL:
AutoSSL Issue Failed!
[Mon Nov 12 08:47:03 EET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Mon Nov 12 08:47:03 EET 2018] Can not init api.
[Mon Nov 12 08:47:03 EET 2018] Single domain='wesain.fi'
[Mon Nov 12 08:47:03 EET 2018] Getting domain auth token for each domain
[Mon Nov 12 08:47:03 EET 2018] Getting webroot for domain='wesain.fi'
[Mon Nov 12 08:47:03 EET 2018] Getting new-authz for domain='wesain.fi'
[Mon Nov 12 08:47:58 EET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Mon Nov 12 08:47:58 EET 2018] Can not init api.
[Mon Nov 12 08:48:53 EET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Mon Nov 12 08:48:53 EET 2018] Can not connect to https://acme-v01.api.letsencrypt.org/directory to get nonce.
[Mon Nov 12 08:48:53 EET 2018] Can not get domain new authz.
[Mon Nov 12 08:48:53 EET 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
I updated curl to version 7.62, and updated its dependencies as well. The problem went away from another similar server of ours, but it still persists on the original server.
EDIT:
Never mind, the problem came back to the other server.
A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.
So try a manual use of curl with the -v option. Looks like your server has a deprecated configuration.
Have you tried to update all server software from your system repo?
Also, please try to use curl -vvvv -I -L https://acme-v01.api.letsencrypt.org/directory and share the full output with us via an online text bin service link (such as Pastebin.com)
Tried using openssl, with command “openssl s_client -connect acme-v01.api.letsencrypt.org:443” and received “write:errno=104”. Other server, which works (sometimes) didn’t receive it.
If I understood you correctly, I ran “curl https://www.ssllabs.com/ssltest/viewMyClient.html” from the command line. I then ran the same command on another CWP-server, which has AutoSSL working. I saved both results in .html-file and compared them, and they were identical.
I don't, sorry. More or less every month there is a user or two who have problems with the specific Akamai servers that are closest to them, for whom that workaround helps.
However, in the years that this has been happening, I've never seen anybody be able to pin it down, and debugging on both ends has been fruitless.
If it affects your entire network, perhaps you can get your NOC to look into it. If it only affects a single server, then I have no idea.
There were problems on multiple servers at one point, but all the others started to work on their own. For now it’s only been a single server with this issue (that we know of).
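Added example, not part of the thread and not acme.sh or CWP code: a per-address probe that reports the stage at which a connection fails, so the mid-handshake reset seen above (curl error 35, "write:errno=104") can be told apart from a refused connection or a certificate problem and tied to one resolved IP. The names probe, probe_all and start_reset_server are hypothetical; the resetting peer is a constructed local stand-in so the script runs offline.

```python
import socket, ssl, struct, threading

def probe(ip, port, server_name, timeout=5.0):
    """Attempt TCP connect + TLS handshake to one address; return (stage, detail)."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_connect", type(exc).__name__)
    ctx = ssl.create_default_context()  # system CA bundle, hostname checking on
    try:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("cert_verify", exc.verify_message)
    except (ConnectionResetError, ssl.SSLEOFError) as exc:
        # TCP connected, then the peer or a middlebox dropped the connection
        # during the handshake: the symptom reported in this thread.
        return ("handshake_reset", type(exc).__name__)
    except ssl.SSLError as exc:
        return ("tls_error", exc.reason or str(exc))
    except OSError as exc:  # includes handshake timeouts
        return ("handshake_io", type(exc).__name__)

def probe_all(host, port=443):
    """Probe every address the name resolves to; one result per address."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {ip: probe(ip, port, host) for ip in sorted({i[4][0] for i in infos})}

def start_reset_server():
    """Constructed local peer: reads the ClientHello, then resets the connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        # SO_LINGER with a zero timeout makes close() send RST instead of FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    import sys
    print(probe("127.0.0.1", start_reset_server(), "example.test"))
    for host in sys.argv[1:]:  # optional: real hostnames to probe per address
        print(host, probe_all(host))
```

Running probe_all from both the failing and the working server shows whether the reset follows a particular resolved address or the client host itself.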